Ays-pro Poll_maker

20 CVEs affecting Ays-pro Poll_maker. Latest disclosed: 2025-05-07. Critical: 0, High: 5.

Top CVEs affecting Ays-pro Poll_maker
CVESeverityScorePublishedSummary
CVE-2025-26971High7.62025-02-25Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection…
CVE-2021-24651High7.52021-10-11The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not…
CVE-2024-3600High7.22024-04-19The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll…
CVE-2021-24483High7.22021-08-02The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderb…
CVE-2023-41871High7.12023-09-25Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.
CVE-2025-24577Medium6.52025-04-17Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
CVE-2024-56295Medium6.52025-01-15Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
CVE-2021-34635Medium6.12021-08-02The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-sett…
CVE-2024-9462Medium5.52024-10-26The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions…
CVE-2025-47545Medium5.32025-05-07Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Ra…
CVE-2024-56277Medium5.32025-01-21Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through < 5.5.5.
CVE-2023-45766Medium5.32025-01-02Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
CVE-2023-50904Medium5.32024-12-09Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
CVE-2024-3601Medium5.32024-05-02The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll…
CVE-2024-9874Medium4.92024-11-09The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all v…
CVE-2024-9475Medium4.92024-10-26The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versi…
CVE-2024-13602Medium4.82025-03-16The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perfor…
CVE-2022-1456Medium4.82022-05-30The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store…
CVE-2023-34013Medium4.42023-11-13Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll…
CVE-2024-12115Medium4.32024-12-07The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includi…