Vulmon
wordpress poll vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-24442
The Poll, Survey, Questionnaire and Voting system WordPress plugin prior to 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks
Wpdevart Poll, Survey, Questionnaire And Voting System
9.8
CVSSv3
CVE-2020-11673
An issue exists in the Responsive Poll up to and including 1.3.4 for WordPress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the callback wp_ajax_nopriv function in Includes/Total-Soft-Poll-Ajax.php...
Total-soft Responsive Poll
9.8
CVSSv3
CVE-2013-1400
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow malicious users to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.
Cardozatechnologies Wordpress Poll 34.05
Cardozatechnologies Wordpress Poll 34.06
9.8
CVSSv3
CVE-2013-1401
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote malicious user to add, edit, and delete an answer and delete a poll.
Cardozatechnologies Wordpress Poll 34.05
8.8
CVSSv3
CVE-2017-18521
The democracy-poll plugin prior to 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
Wp-kama Democracy Poll
7.5
CVSSv3
CVE-2023-34013
Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a up to and including 4.6.2.
Ays-pro Poll Maker
7.5
CVSSv3
CVE-2021-24651
The Poll Maker WordPress plugin prior to 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as a password hash.
Ays-pro Poll Maker
7.5
CVSSv3
CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database.
Wordpress Poll Project Wordpress Poll
7.2
CVSSv3
CVE-2021-24483
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin prior to 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in ...
Ays-pro Poll Maker
6.5
CVSSv3
CVE-2019-9568
The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.
Incsub Forminator