Vulnerabilities > YOP Poll
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-6109 | Race Condition vulnerability in Yop-Poll YOP Poll The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. | 3.7 |
2022-08-01 | CVE-2022-1600 | Unspecified vulnerability in Yop-Poll YOP Poll The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. | 5.3 |
2022-03-07 | CVE-2022-0205 | Cross-site Scripting vulnerability in Yop-Poll The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue | 5.4 |
2021-11-17 | CVE-2021-24833 | Unspecified vulnerability in Yop-Poll YOP Poll The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. | 5.4 |
2021-11-17 | CVE-2021-24834 | Unspecified vulnerability in Yop-Poll YOP Poll The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. | 5.4 |
2021-10-25 | CVE-2021-24885 | Cross-site Scripting vulnerability in Yop-Poll The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | 6.1 |
2021-07-12 | CVE-2021-24454 | Unspecified vulnerability in Yop-Poll YOP Poll In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. | 6.1 |
2019-03-22 | CVE-2019-9914 | Cross-site Scripting vulnerability in Yop-Poll The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | 6.1 |
2017-04-28 | CVE-2017-2127 | Cross-site Scripting vulnerability in Yop-Poll YOP Poll Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |