Ays Pro Poll Maker vulnerabilities

7 known vulnerabilities affecting ays_pro/poll_maker.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1, UNKNOWN 2

Vulnerabilities

CVE-2025-57954 | UNKNOWN | ≤ 6.0.2 | 2025-09-22
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker poll-maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through <= 6.0.2.
cvelistv5, nvd
CVE-2025-47545 | HIGH | CVSS 8.1 | ≤ 5.7.7 | 2025-05-07
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through <= 5.7.7.
cvelistv5, nvd
CVE-2025-24577 | CRITICAL | CVSS 9.8 | ≤ 5.5.0 | 2025-04-17
CWE-862: Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through <= 5.5.0.
cvelistv5, nvd
CVE-2025-26971 | CRITICAL | CVSS 9.8 | ≤ 5.6.5 | 2025-02-25
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through <= 5.6.5.
cvelistv5, nvd
CVE-2024-56277 | UNKNOWN | ≤ 5.5.5 | 2025-01-21
CWE-116: Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker. This issue affects Poll Maker: from n/a through < 5.5.5.
cvelistv5, nvd
CVE-2024-56295 | MEDIUM | CVSS 6.5 | ≤ 5.5.6 | 2025-01-15
CWE-862: Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through <= 5.5.6.
cvelistv5, nvd
CVE-2021-24483 | HIGH | CVSS 7.2 | ≥ 3.2.1, < 3.2.1 | 2021-08-02
CWE-89: The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
cvelistv5, nvd