Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress poll vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2024-3601
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated mal...
NA
CVE-2024-3600
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and inc...
5.9
CVSSv3
CVE-2023-4642
The kk Star Ratings WordPress plugin prior to 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
Kamalkhan Kk Star Ratings
3.7
CVSSv3
CVE-2023-6109
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated malicious users to place multiple votes on a single poll even w...
Yop-poll Yop Poll
7.5
CVSSv3
CVE-2023-34013
Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a up to and including 4.6.2.
Ays-pro Poll Maker
3.1
CVSSv3
CVE-2023-2010
The Forminator WordPress plugin prior to 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
Incsub Forminator
4.8
CVSSv3
CVE-2022-34656
Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress.
Wpdevart Poll\\, Survey\\, Questionnaire And Voting System
5.3
CVSSv3
CVE-2022-1600
The YOP Poll WordPress plugin prior to 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
Yop-poll Yop Poll
4.8
CVSSv3
CVE-2022-1456
The Poll Maker WordPress plugin prior to 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed
Ays-pro Poll Maker
5.4
CVSSv3
CVE-2022-0205
The YOP Poll WordPress plugin prior to 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue
Yop-poll Yop-poll
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »