WordPress Plugin Vulnerabilities

WordPress Poll <= 34.05 - SQL Injection

Description

The WordPress Poll WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
cardoza-wordpress-poll
Fixed in 34.06

References

CVE
CVE-2013-1400
URL
https://packetstormsecurity.com/files/#119736/
URL
https://seclists.org/bugtraq/2013/Jan/86

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
d1ac2780-d66b-4b4a-803d-7a3e358890a2

Timeline

Publicly Published
2013-01-21 (about 13 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-05-30
Title
Better Find and Replace < 1.3.6 - Admin+ SQLi
Published
2025-04-16
Title
Ultimate Member < 2.10.2 - Unauthenticated Blind SQL Injection
Published
2015-08-20
Title
Master Slider < 2.5.2 - Authenticated Blind SQL Injection
Published
2023-01-24
Title
LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
Published
2023-11-29
Title
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection