Skip to main content

Wp Polls

3 CVEs product

Monthly

CVE-2024-13426 MEDIUM PATCH This Month

The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required.

WordPress XSS SQLi Wp Polls
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1581 MEDIUM POC This Month

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Polls
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-40130 LOW Monitor

Auth. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure WordPress Wp Polls
NVD
CVSS 3.1
3.1
EPSS
0.4%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required.

WordPress XSS SQLi +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Polls
NVD WPScan
EPSS 0% CVSS 3.1
LOW Monitor

Auth. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure WordPress +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy