Vulnerabilities > YOP Poll

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-6109 Race Condition vulnerability in Yop-Poll YOP Poll
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26.
network
high complexity
yop-poll CWE-362
3.7
2022-03-07 CVE-2022-0205 Cross-site Scripting vulnerability in Yop-Poll
The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue
network
yop-poll CWE-79
3.5
2021-11-17 CVE-2021-24833 Cross-site Scripting vulnerability in Yop-Poll YOP Poll
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application.
network
yop-poll CWE-79
3.5
2021-11-17 CVE-2021-24834 Cross-site Scripting vulnerability in Yop-Poll YOP Poll
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application.
network
yop-poll CWE-79
4.3
2021-10-25 CVE-2021-24885 Cross-site Scripting vulnerability in Yop-Poll
The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
network
yop-poll CWE-79
4.3
2021-07-12 CVE-2021-24454 Cross-site Scripting vulnerability in Yop-Poll YOP Poll
In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page.
network
yop-poll CWE-79
4.3
2019-03-22 CVE-2019-9914 Cross-site Scripting vulnerability in Yop-Poll
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
network
yop-poll CWE-79
4.3
2017-04-28 CVE-2017-2127 Cross-site Scripting vulnerability in Yop-Poll YOP Poll
Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
yop-poll CWE-79
5.4