Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 23 known issues Latest disclosed Nov 12, 2025

Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls Vulnerabilities

Q: How many Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls vulnerabilities have patch guidance?

23 of 23 tracked Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls records include a published patch path.

Review known vulnerability records for the WordPress plugin Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls (`poll-maker`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-12620, CVE-2025-57954 and CVE-2024-12575, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Nov 13, 2025

Priority CVE Quick Links

Fast paths into Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2021-24651 High 3.4.2

CVE-2021-24651 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls SQL Injection

Poll Maker < 3.4.2 - Unauthenticated SQL Injection

CVE-2024-3600 High 5.1.9

CVE-2024-3600 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls Stored Cross-Site Scripting

Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

CVE-2021-24483 High 3.2.1

CVE-2021-24483 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls SQL Injection

Poll Maker <= 3.2.0 - SQL Injection

CVE-2024-56295 Medium 5.5.7

CVE-2024-56295 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls Vulnerability

Poll Maker <= 5.5.6 - Missing Authorization

CVE-2025-24577 Medium 5.5.1

CVE-2025-24577 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls Vulnerability

Poll Maker <= 5.5.0 - Missing Authorization

CVE-2025-57954 Medium 6.0.3

CVE-2025-57954 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls Stored Cross-Site Scripting

Poll Maker <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2023-41871 Medium 4.7.1

CVE-2023-41871 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls Cross-Site Scripting

Poll Maker <= 4.7.0 - Reflected Cross-Site Scripting

CVE-2021-34635 Medium 3.2.9

CVE-2021-34635 Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls Cross-Site Scripting

Poll Maker <= 3.2.8 – Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

23 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 3 high severity findings.

Recent CVEs

CVE-2025-12620, CVE-2025-57954 and CVE-2024-12575

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-12620 Medium Patch path listed

CVE-2025-12620: Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 6.0.7 - Authenticated (Administrator+) SQL Injection via `filterbyauthor` Parameter

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and includin...

Published

Nov 12, 2025

Patch Status

6.0.8

Open CVE-2025-12620 Report

CVE-2025-57954 Medium Patch path listed

CVE-2025-57954: Poll Maker <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Poll Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This make...

Published

Sep 22, 2025

Patch Status

6.0.3

Open CVE-2025-57954 Report

CVE-2024-12575 Medium Patch path listed

CVE-2024-12575: Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_p...

Published

Aug 15, 2025

Patch Status

5.9.0

Open CVE-2024-12575 Report

Known Vulnerabilities

Reports for Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-12620

CVE-2025-12620: Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 6.0.7 - Authenticated (Administrator+) SQL Injection via `filterbyauthor` Parameter

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficien...

Published

Nov 12, 2025

Patched Release

6.0.8

Affected Versions

Versions up to 6.0.7

Next Step

Update to 6.0.8 or newer if supported.

Open CVE-2025-12620 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-57954

CVE-2025-57954: Poll Maker <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Poll Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj...

Published

Sep 22, 2025

Patched Release

6.0.3

Affected Versions

Versions up to 6.0.2

Next Step

Update to 6.0.3 or newer if supported.

Open CVE-2025-57954 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-12575

CVE-2024-12575: Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin e...

Published

Aug 15, 2025

Patched Release

5.9.0

Affected Versions

Versions up to 5.8.9

Next Step

Update to 5.9.0 or newer if supported.

Open CVE-2024-12575 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-47545

CVE-2025-47545: Poll Maker <= 5.7.7 - Unauthenticated Race Condition to Multi-Vote

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to a Race Condition in all versions up to, and including, 5.7.7. This is due to the plugin not properly restricting a user's ability to fill out a poll multiple times.. This makes it po...

Published

May 07, 2025

Patched Release

5.7.8

Affected Versions

Versions up to 5.7.7

Next Step

Update to 5.7.8 or newer if supported.

Open CVE-2025-47545 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-13602

CVE-2024-13602: Poll Maker <= 5.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for auth...

Published

Feb 23, 2025

Patched Release

5.5.4

Affected Versions

Versions up to 5.5.3

Next Step

Update to 5.5.4 or newer if supported.

Open CVE-2024-13602 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-26971

CVE-2025-26971: Poll Maker <= 5.6.5 - Authenticated (Administrator+) SQL Injection

The Poll Maker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

Published

Feb 23, 2025

Patched Release

5.6.6

Affected Versions

Versions up to 5.6.5

Next Step

Update to 5.6.6 or newer if supported.

Open CVE-2025-26971 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-56277

CVE-2024-56277: Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.5.4 - Unauthenticated HTML Injection

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.5.4. This is due to the software not properly sanitizing or escaping data added to polls. This makes it possible for unauthenti...

Published

Jan 03, 2025

Patched Release

5.5.5

Affected Versions

Versions up to 5.5.4

Next Step

Update to 5.5.5 or newer if supported.

Open CVE-2024-56277 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-56295

CVE-2024-56295: Poll Maker <= 5.5.6 - Missing Authorization

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.6. This makes it possible for unauthenticated attackers to perform an un...

Published

Jan 03, 2025

Patched Release

5.5.7

Affected Versions

Versions up to 5.5.6

Next Step

Update to 5.5.7 or newer if supported.

Open CVE-2024-56295 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-24577

CVE-2025-24577: Poll Maker <= 5.5.0 - Missing Authorization

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.0. This makes it possible for unauthenticated attackers to perform an un...

Published

Dec 15, 2024

Patched Release

5.5.1

Affected Versions

Versions up to 5.5.0

Next Step

Update to 5.5.1 or newer if supported.

Open CVE-2025-24577 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-12115

CVE-2024-12115: Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible...

Published

Dec 06, 2024

Patched Release

5.5.5

Affected Versions

Versions up to 5.5.4

Next Step

Update to 5.5.5 or newer if supported.

Open CVE-2024-12115 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-9874

CVE-2024-9874: WordPress Poll Maker Plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient pr...

Published

Nov 08, 2024

Patched Release

5.4.7

Affected Versions

Versions up to 5.4.6

Next Step

Update to 5.4.7 or newer if supported.

Open CVE-2024-9874 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-9462

CVE-2024-9462: Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Poll Settings

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authe...

Published

Oct 25, 2024

Patched Release

5.4.7

Affected Versions

Versions up to 5.4.6

Next Step

Update to 5.4.7 or newer if supported.

Open CVE-2024-9462 Report Open CVE Reference