VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 3 known issues Latest disclosed Aug 26, 2020

WordPress Poll Vulnerabilities

Review known vulnerability records for the WordPress plugin WordPress Poll (`cardoza-wordpress-poll`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2020-24315, CVE-2013-1400 and CVE-2013-1401, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
3
High or Critical
3
Patch Coverage
100%
Last Updated
Jan 22, 2024
Priority CVE Quick Links

Fast paths into WordPress Poll CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
3
CVE-2013-1400 Critical 34.06
CVE-2013-1400 WordPress Poll SQL Injection

WordPress Poll < 34.06 - SQL Injection

CVE-2013-1401 Critical 34.06
CVE-2013-1401 WordPress Poll SQL Injection

WordPress Poll <= 34.05 - SQL Injection

CVE-2020-24315 High No patch listed
CVE-2020-24315 WordPress Poll SQL Injection

WordPress Poll <= 36 - SQL Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WordPress Poll so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
3 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 1 high severity finding.
Recent CVEs
CVE-2020-24315, CVE-2013-1400 and CVE-2013-1401
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WordPress Poll

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: No CVE-2020-24315
CVE-2020-24315: WordPress Poll <= 36 - SQL Injection

The Poll Plugin for WordPress is vulnerable to blind SQL Injection via the 'pollid' parameter in versions up to, and including, 36 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Published
Aug 26, 2020
Patched Release
Not published
Affected Versions
Versions up to 36
Next Step
Open the full report for remediation notes and references.
Open CVE-2020-24315 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2013-1400
CVE-2013-1400: WordPress Poll < 34.06 - SQL Injection

Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.

Published
Jan 21, 2013
Patched Release
34.06
Affected Versions
Versions up to 34.05
Next Step
Update to 34.06 or newer if supported.
Open CVE-2013-1400 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2013-1401
CVE-2013-1401: WordPress Poll <= 34.05 - SQL Injection

Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.05 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.

Published
Jan 21, 2013
Patched Release
34.06
Affected Versions
Versions up to 34.05
Next Step
Update to 34.06 or newer if supported.
Open CVE-2013-1401 Report Open CVE Reference