VYPR

Poll Maker

by Ays Pro

CVEs (12)

  • CVE-2025-26971HigFeb 25, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.This issue affects Poll Maker: from n/a through <= 5.6.5.

  • CVE-2024-3600HigApr 19, 2024
    risk 0.47cvss 7.2epss 0.00

    The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and…

  • CVE-2025-57954MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker poll-maker allows DOM-Based XSS.This issue affects Poll Maker: from n/a through <= 6.0.2.

  • CVE-2025-24577MedApr 17, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0.

  • CVE-2024-56295MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.6.

  • CVE-2025-47545MedMay 7, 2025
    risk 0.34cvss 5.3epss 0.00

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through <= 5.7.7.

  • CVE-2024-56277MedJan 21, 2025
    risk 0.34cvss 5.3epss 0.00

    Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through < 5.5.5.

  • CVE-2023-45766MedJan 2, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1.

  • CVE-2023-50904MedDec 9, 2024
    risk 0.34cvss 5.3epss 0.01

    Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.8.0.

  • CVE-2024-3601MedMay 2, 2024
    risk 0.34cvss 5.3epss 0.01

    The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated…

  • CVE-2023-34013MedNov 13, 2023
    risk 0.29cvss 4.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.

  • CVE-2021-24483Aug 2, 2021
    risk 0.00cvss epss 0.01

    The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in…