The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).
2025-05-15T20:15:59.967
2025-06-04T16:31:03.757
Analyzed
CVSSv3.1: 5.4 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | codepeople | polls_cp | < 1.0.77 | Yes |