cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12528,https://securityvulnerability.io/vulnerability/CVE-2024-12528,Stored Cross-Site Scripting in WordPress Survey & Poll Plugin,"The WordPress Survey & Poll Plugin suffers from a Stored Cross-Site Scripting vulnerability through the 'wpsurveypoll_results' shortcode, affecting all versions up to and including 1.7.5. This flaw is due to inadequate input sanitization and output escaping on user-supplied attributes. Authenticated attackers with contributor-level access can exploit this vulnerability to inject arbitrary web scripts into pages. When these pages are accessed by users, the scripts execute, potentially leading to unauthorized actions and data compromise.",Wordpress,"WordPress Survey & Poll – Quiz, Survey And Poll Plugin For WordPress",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-07T03:21:55.299Z,0
CVE-2024-55998,https://securityvulnerability.io/vulnerability/CVE-2024-55998,WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability,Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36.,Wordpress,Popup Surveys & Polls For WordPress (mare.io),5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-16T14:13:37.248Z,0
CVE-2024-3601,https://securityvulnerability.io/vulnerability/CVE-2024-3601,Unauthorized Access to Email Addresses via Missing Capability Check,"The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email addresses by enumerating them one character at a time.",Wordpress,Poll Maker – Best WordPress Poll Plugin,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:54.169Z,0
CVE-2024-3600,https://securityvulnerability.io/vulnerability/CVE-2024-3600,Poll Maker Vulnerable to Stored Cross-Site Scripting,"The Poll Maker – Best WordPress Poll Plugin plugin for WordPress exhibits a vulnerability to Stored Cross-Site Scripting (XSS) due to an absence of proper capability checks on the ays_poll_maker_quick_start AJAX action. Additionally, all versions up to and including 5.1.8 lack sufficient escaping and sanitization measures. This deficiency enables unauthenticated attackers to craft quizzes that can embed malicious scripts, which execute without user consent when a targeted individual visits the page, significantly increasing the risk of data theft and site compromise.",Wordpress,Poll Maker – Best WordPress Poll Plugin,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-19T02:34:44.234Z,0
CVE-2023-34013,https://securityvulnerability.io/vulnerability/CVE-2023-34013,WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF),"The Poll Maker – Best WordPress Poll Plugin is impacted by a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to send unauthorized requests from the server, potentially exposing sensitive data or internal resources. This vulnerability affects versions up to 4.6.2, emphasizing the need for updates to secure the plugin effectively. Website administrators must ensure they are using a patched version to avoid exploitation and safeguard their environments.",Wordpress,Poll Maker – Best WordPress Poll Plugin,7.5,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2023-11-13T03:15:00.000Z,0
CVE-2022-40130,https://securityvulnerability.io/vulnerability/CVE-2022-40130,WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability,Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.,Wordpress,WP-polls (WordPress Plugin),4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-18T23:15:00.000Z,0
CVE-2022-45069,https://securityvulnerability.io/vulnerability/CVE-2022-45069,WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability,Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.,Wordpress,"Crowdsignal Dashboard – Polls, Surveys & More (WordPress Plugin)",6.3,MEDIUM,0.0009699999936856329,false,,false,false,false,,false,false,2022-11-17T00:00:00.000Z,0
CVE-2022-34656,https://securityvulnerability.io/vulnerability/CVE-2022-34656,"WordPress Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 - Authenticated Cross-Site Scripting (XSS) vulnerability","Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress.",Wordpress,"Poll, Survey, Questionnaire And Voting System (WordPress Plugin)",4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-09-06T18:15:00.000Z,0
CVE-2020-24315,https://securityvulnerability.io/vulnerability/CVE-2020-24315,,Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.,Wordpress,WordPress Poll,7.5,HIGH,0.005239999853074551,false,,false,false,false,,false,false,2020-08-26T13:04:48.000Z,0
CVE-2013-1401,https://securityvulnerability.io/vulnerability/CVE-2013-1401,,"Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.",Wordpress,WordPress Poll,9.8,CRITICAL,0.051419999450445175,false,,false,false,false,,false,false,2020-02-13T20:48:39.000Z,0
CVE-2013-1400,https://securityvulnerability.io/vulnerability/CVE-2013-1400,,Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.,Wordpress,WordPress Poll,9.8,CRITICAL,0.04084999859333038,false,,false,false,false,,false,false,2020-02-13T20:19:32.000Z,0
CVE-2015-2090,https://securityvulnerability.io/vulnerability/CVE-2015-2090,,SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.,Wordpress,WordPress Survey And Poll,,,0.001509999972768128,false,,false,false,false,,false,false,2015-02-26T15:00:00.000Z,0