Vulnerabilities (CVE)

Filtered by vendor Ays-pro Subscribe

Filtered by product Poll Maker

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-1456	1 Ays-pro	1 Poll Maker	2022-06-08	3.5 LOW	4.8 MEDIUM
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed
CVE-2021-34635	1 Ays-pro	1 Poll Maker	2021-08-11	4.3 MEDIUM	6.1 MEDIUM
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8.