VYPR

Polls Cp

by WordPress

CVEs (11)

  • CVE-2016-20066HigJun 15, 2026
    risk 0.47cvss 7.2epss 0.00

    WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to…

  • CVE-2024-47297HigOct 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through <= 1.0.74.

  • CVE-2015-9346MedAug 27, 2019
    risk 0.40cvss 6.1epss 0.01

    The cp-polls plugin before 1.0.5 for WordPress has XSS.

  • CVE-2014-10395MedAug 27, 2019
    risk 0.40cvss 6.1epss 0.01

    The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.

  • CVE-2025-50025MedJun 20, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Stored XSS.This issue affects CP Polls: from n/a through <= 1.0.81.

  • CVE-2024-8854MedMay 15, 2025
    risk 0.35cvss 5.4epss 0.00

    The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi…

  • CVE-2024-8851MedMay 15, 2025
    risk 0.35cvss 5.4epss 0.00

    The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi…

  • CVE-2024-24874MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection.This issue affects CP Polls: from n/a through 1.0.71.

  • CVE-2024-24873MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.00

    : Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71.

  • CVE-2016-20067MedJun 15, 2026
    risk 0.28cvss 4.3epss 0.00

    WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page…

  • CVE-2014-125091MedMar 4, 2023
    risk 0.24cvss 4.7epss 0.01

    A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be…