Ays-pro

Poll Maker

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2025-12620

  • EPSS 0.03%
  • Veröffentlicht 13.11.2025 05:30:39
  • Zuletzt bearbeitet 14.11.2025 16:42:03

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied p...

6.5

CVE-2025-57954

  • EPSS 0.05%
  • Veröffentlicht 22.09.2025 18:24:49
  • Zuletzt bearbeitet 22.09.2025 21:22:33

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1.

5.3

CVE-2024-12575

  • EPSS 0.06%
  • Veröffentlicht 16.08.2025 02:24:33
  • Zuletzt bearbeitet 18.08.2025 20:16:28

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated...

8.1

CVE-2025-47545

  • EPSS 0.06%
  • Veröffentlicht 07.05.2025 14:20:17
  • Zuletzt bearbeitet 12.05.2025 20:19:53

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.

9.8

CVE-2025-24577

  • EPSS 0.06%
  • Veröffentlicht 17.04.2025 15:48:20
  • Zuletzt bearbeitet 28.05.2025 17:51:01

Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.

4.8

CVE-2024-13602

Exploit
  • EPSS 0.07%
  • Veröffentlicht 16.03.2025 06:15:12
  • Zuletzt bearbeitet 09.04.2025 13:06:16

The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

9.8

CVE-2025-26971

  • EPSS 0.1%
  • Veröffentlicht 25.02.2025 15:15:30
  • Zuletzt bearbeitet 21.05.2025 17:08:29

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5.

5.3

CVE-2024-56277

  • EPSS 0.14%
  • Veröffentlicht 21.01.2025 14:15:09
  • Zuletzt bearbeitet 09.06.2025 19:33:43

Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a.

6.5

CVE-2024-56295

  • EPSS 0.13%
  • Veröffentlicht 15.01.2025 16:15:28
  • Zuletzt bearbeitet 28.05.2025 20:21:09

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6.

5.3

CVE-2023-45766

  • EPSS 0.15%
  • Veröffentlicht 02.01.2025 12:15:10
  • Zuletzt bearbeitet 28.05.2025 20:21:27

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1.