Vulnerabilities > YOP Poll > YOP Poll > 6.1.5

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-6109 Race Condition vulnerability in Yop-Poll YOP Poll
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26.
network
high complexity
yop-poll CWE-362
3.7
2022-08-01 CVE-2022-1600 Unspecified vulnerability in Yop-Poll YOP Poll
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
network
low complexity
yop-poll
5.3
2021-11-17 CVE-2021-24833 Unspecified vulnerability in Yop-Poll YOP Poll
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application.
network
low complexity
yop-poll
5.4
2021-11-17 CVE-2021-24834 Unspecified vulnerability in Yop-Poll YOP Poll
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application.
network
low complexity
yop-poll
5.4
2021-07-12 CVE-2021-24454 Unspecified vulnerability in Yop-Poll YOP Poll
In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page.
network
low complexity
yop-poll
6.1