5 results (0.008 seconds)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jan 2025 — The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries. Those queries are stored and results are not displayed to the attacker, which means they cannot be exploited to obtain any additional information about ... • https://github.com/WordPress/wordpress-develop/blob/a82874058f58575dbba64ce09b6dcbd43ccf5fdc/src/wp-includes/default-constants.php#L249 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

31 Oct 2022 — The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. The WP-Polls plugin for WordPress is vulnera... • https://wpscan.com/vulnerability/c1896ab9-9585-40e2-abbf-ef5153b3c6b2 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Oct 2022 — Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. The WP-Polls plugin for WordPress is vulnerable to Race Condition in the function vote_poll_process() in versions up to, and including, 3.3.4. This can lead to unpredictable polling result changes when certain conditions are met. • https://patchstack.com/database/vulnerability/wp-polls/wordpress-wp-polls-plugin-2-76-0-race-condition-vulnerability?_s_id=cve • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Aug 2019 — The wp-polls plugin before 2.72 for WordPress has SQL injection. • https://wordpress.org/plugins/wp-polls/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2016 — The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option. • https://wordpress.org/plugins/wp-polls/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')