Poll, Survey, Form & Quiz Maker by OpinionStage < 19.6.25 – Unauthenticated Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Affects Plugins

social-polls-by-opinionstage

Fixed in 19.6.25

References

URL

https://www.pluginvulnerabilities.com/2019/09/16/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-poll-survey-form-quiz-maker-by-opinionstage/

URL

https://plugins.trac.wordpress.org/changeset/2158590/social-polls-by-opinionstage

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Verified

No

WPVDB ID

4ed1edd6-3813-44a3-bee7-f07c1774b679

Timeline

Publicly Published

2019-09-16 (about 6 years ago)

Added

2020-02-20 (about 5 years ago)

Last Updated

2020-02-21 (about 5 years ago)

Other

Published

Title

Published

2025-08-14

Title

JetElements For Elementor < 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-04-17

Title

Memberpress < 1.12.0 - Reflected Cross-Site Scripting

Published

2024-02-15

Title

Widgets Controller <= 1.1 - Unauthenticated Cross-Site Scripting

Published

2025-12-03

Title

Autoptimize < 3.1.14 - Contributor+ Stored XSS

Published

2024-03-29

Title

List category posts < 0.89.7 - Contributor+ Stored XSS