Medium severityNVD Advisory· Published Jan 16, 2026· Updated Apr 15, 2026
CVE-2019-25297
CVE-2019-25297
Description
Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated attacker can inject arbitrary script into content that executes when a victim views an affected page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=19.6.25
Patches
Vulnerability mechanics
References
7- plugins.trac.wordpress.org/changeset/2158590/social-polls-by-opinionstagenvd
- web.archive.org/web/20191020011448/https://www.pluginvulnerabilities.com/2019/09/16/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-poll-survey-form-quiz-maker-by-opinionstage/nvd
- wordpress.org/plugins/social-polls-by-opinionstage/nvd
- wpscan.com/vulnerability/4ed1edd6-3813-44a3-bee7-f07c1774b679/nvd
- www.acunetix.com/vulnerabilities/web/wordpress-plugin-poll-survey-form-quiz-maker-by-opinionstage-cross-site-scripting-19-6-24/nvd
- www.vulncheck.com/advisories/poll-survey-and-quiz-maker-plugin-by-opinion-stage-stored-xssnvd
- www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19625-unauthenticated-stored-cross-site-scriptingnvd
News mentions
0No linked articles in our index yet.