WordPress Plugin Vulnerabilities
WP-Polls <= 2.70 - Stored Cross-Site Scripting (XSS)
Description
The /wp-admin/admin.php?page=wp-polls%2Fpolls-add.php page is vulnerable to XSS within the pollq_question and polla_answers[] parameters.
Proof of Concept
Add a new poll with the question or answer as <svg onload="alert(/1/)">
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Submitter
ptsx
Verified
No
WPVDB ID
Timeline
Publicly Published
2015-08-14 (about 8 years ago)
Added
2015-08-25 (about 8 years ago)
Last Updated
2019-10-22 (about 4 years ago)