Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress poll vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-34656
Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress.
Wpdevart Poll\\, Survey\\, Questionnaire And Voting System
9.8
CVSSv3
CVE-2021-24442
The Poll, Survey, Questionnaire and Voting system WordPress plugin prior to 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks
Wpdevart Poll\\, Survey\\, Questionnaire And Voting System
6.1
CVSSv3
CVE-2019-9567
The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has XSS via a custom input field of a poll.
Incsub Forminator
6.5
CVSSv3
CVE-2019-9568
The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.
Incsub Forminator
5.3
CVSSv3
CVE-2024-3601
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated mal...
6.1
CVSSv3
CVE-2016-10936
The wp-polls plugin prior to 2.73.1 for WordPress has XSS via the Poll bar option.
Wp-polls Project Wp-polls
NA
CVE-2024-3600
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and inc...
5.9
CVSSv3
CVE-2023-4642
The kk Star Ratings WordPress plugin prior to 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
Kamalkhan Kk Star Ratings
3.1
CVSSv3
CVE-2023-2010
The Forminator WordPress plugin prior to 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
Incsub Forminator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3