WordPress Plugin Vulnerabilities

Polldaddy Polls & Ratings <= 2.0.31 - Shortcode Stored Cross-Site Scripting (XSS)

Description

Similar issue to the one in Jetpack's Polldaddy module.

Affects Plugins

Plugin icon
polldaddy
Fixed in 2.0.32

References

URL
https://wordpress.org/plugins/polldaddy/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Anonymous
Verified
No
WPVDB ID
35737840-268a-4ee9-92f8-3a5dd010c196

Timeline

Publicly Published
2016-05-26 (about 9 years ago)
Added
2016-05-28 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-09-17
Title
Ghost Kit < 3.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-10-21
Title
SM CountDown Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-07
Title
Responsive Flickr Slideshow < 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-05-19
Title
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library
Published
2026-02-13
Title
MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode