2 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-34656 – WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2022-34656

25 Aug 2022 — Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Autenticado (admin+) en el plugin wpdevart Poll, Survey, Questionnaire and Voting system versiones anteriores a 1.7.4 incluyéndola en WordPress. The Poll, Survey, Questionnaire and Voting system plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.4 due t... • https://patchstack.com/database/vulnerability/polls-widget/wordpress-poll-survey-questionnaire-and-voting-system-plugin-1-7-4-authenticated-cross-site-scripting-xss-vulnerability/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 71%CPEs: 1EXPL: 2

CVE-2021-24442 – Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection

https://notcve.org/view.php?id=CVE-2021-24442

22 Jun 2021 — The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks El plugin Poll, Survey, Questionnaire and Voting system de WordPress, versiones anteriores a 1.5.3 no saneaba, escapaba o comprobaba el parámetro POST date_answers[] antes de usarlo en una sentencia SQL cuando se envía el resultado de... • https://wpscan.com/vulnerability/7376666e-9b2a-4239-b11f-8544435b444a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •