Ays-pro

Poll Maker

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-50904

  • EPSS 0.13%
  • Veröffentlicht 09.12.2024 13:15:39
  • Zuletzt bearbeitet 28.05.2025 20:21:49

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.8.0.

4.3

CVE-2024-12115

  • EPSS 0.18%
  • Veröffentlicht 07.12.2024 02:15:18
  • Zuletzt bearbeitet 28.05.2025 18:42:15

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() fun...

7.2

CVE-2024-9874

Exploit
  • EPSS 0.79%
  • Veröffentlicht 09.11.2024 07:15:07
  • Zuletzt bearbeitet 15.05.2025 16:40:21

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied param...

7.2

CVE-2024-9475

  • EPSS 0.27%
  • Veröffentlicht 26.10.2024 03:15:03
  • Zuletzt bearbeitet 28.05.2025 18:42:34

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied paramete...

4.8

CVE-2024-9462

  • EPSS 0.17%
  • Veröffentlicht 26.10.2024 03:15:03
  • Zuletzt bearbeitet 28.05.2025 18:42:55

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. Th...

5.3

CVE-2024-3601

  • EPSS 0.53%
  • Veröffentlicht 02.05.2024 17:15:27
  • Zuletzt bearbeitet 28.05.2025 18:43:16

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible...

6.1

CVE-2024-3600

  • EPSS 0.84%
  • Veröffentlicht 19.04.2024 03:15:06
  • Zuletzt bearbeitet 28.05.2025 18:41:41

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all...

7.5

CVE-2023-34013

  • EPSS 0.15%
  • Veröffentlicht 13.11.2023 03:15:08
  • Zuletzt bearbeitet 21.11.2024 08:06:24

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.

6.1

CVE-2023-41871

  • EPSS 0.17%
  • Veröffentlicht 25.09.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 08:21:49

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.

4.8

CVE-2022-1456

Exploit
  • EPSS 0.21%
  • Veröffentlicht 30.05.2022 09:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:45

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed