WordPress Plugin Vulnerabilities

WP-Polls <= 2.73 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The WP-Polls WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-polls
Fixed in 2.73.1

References

CVE
CVE-2016-1093
URL
https://www.netsparker.com/web-applications-advisories/ns-16-009-reflected-xss-vulnerability-identified-in-wp-polls-2-73/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ac56379d-01fc-413b-bddd-cdb02ccae810

Timeline

Publicly Published
2016-07-29 (about 9 years ago)
Added
2016-07-29 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-07-15
Title
Robokassa payment gateway for Woocommerce <= 1.8.1 - Reflected Cross-Site Scripting
Published
2025-01-24
Title
Ask Me Anything (Anonymously) <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-11-13
Title
Booking Calendar < 10.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-09-20
Title
WP Event Manager < 3.1.38 - Admin+ Stored XSS
Published
2024-07-05
Title
WS Contact Form < 1.3.8 - Admin+ Stored XSS