Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8851


The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).


Published

2025-05-15T20:15:59.967

Last Modified

2025-06-04T16:31:03.757

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application codepeople polls_cp < 1.0.77 Yes

References