Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress poll vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2015-2090
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote malicious users to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.
Sympies Wordpress Survey And Poll 1.1.7
1 EDB exploit
668
VMScore
CVE-2021-24442
The Poll, Survey, Questionnaire and Voting system WordPress plugin prior to 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks
Wpdevart Poll\\, Survey\\, Questionnaire And Voting System
668
VMScore
CVE-2020-11673
An issue exists in the Responsive Poll up to and including 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the callback wp_ajax_nopriv function in Includes/Total-Soft-Poll-Ajax.php...
Total-soft Responsive Poll
668
VMScore
CVE-2013-1400
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow malicious users to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.
Cardozatechnologies Wordpress Poll 34.05
Cardozatechnologies Wordpress Poll 34.06
668
VMScore
CVE-2013-1401
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote malicious user to add, edit, and delete an answer and delete a poll.
Cardozatechnologies Wordpress Poll 34.05
605
VMScore
CVE-2017-18521
The democracy-poll plugin prior to 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
Wp-kama Democracy Poll
578
VMScore
CVE-2021-24483
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin prior to 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in ...
Ays-pro Poll Maker
445
VMScore
CVE-2021-24651
The Poll Maker WordPress plugin prior to 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.
Ays-pro Poll Maker
445
VMScore
CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.
Wordpress Poll Project Wordpress Poll
383
VMScore
CVE-2021-24834
The YOP Poll WordPress plugin prior to 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. Th...
Yop-poll Yop Poll
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »