WordPress Plugin Vulnerabilities

YOP Poll <= 6.0.2 - Cross-Site Scripting (XSS)

Description

The YOP Poll WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
yop-poll
Fixed in 6.0.3

References

CVE
CVE-2019-9914
URL
https://security-consulting.icu/blog/2019/02/wordpress-yop-poll-xss/
URL
https://lists.openwall.net/full-disclosure/2019/02/05/15

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Tim Coen
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a004f360-e8cd-456a-8236-e662128deefb

Timeline

Publicly Published
2019-02-05 (about 5 years ago)
Added
2019-03-22 (about 5 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2019-09-27
Title
Zoner < 4.2 - Persistent XSS & IDOR
Published
2023-10-12
Title
Embed Calendly < 3.7 Contributor+ Stored XSS
Published
2022-03-29
Title
LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting
Published
2023-03-14
Title
Embed Any Document < 2.7.2 - Author+ Stored XSS
Published
2023-10-02
Title
Contractor Contact Form Website to Workflow Tool < 4.1.0 - Reflected XSS