CVE-2022-1456

Severity
4.8 MEDIUM
EPSS
0.2%
top 57.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 30
Latest update: May 31

Description

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: unknown/poll_maker 4.0.2 4.0.2
NVD: ays-pro/poll_maker < 4.0.2

🔴 Vulnerability Details

2
GHSA
GHSA-qf4c-h9q9-5mc4: The Poll Maker WordPress plugin before 4 (2022-05-31)
CVEList
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting (2022-05-30)