Vulnerabilities and security researches forpolldaddy polldaddy
Direction: ascendingJun 07, 2024
Crowdsignal Dashboard – Polls, Surveys & more # CVE-2014-4856
- CVE, Research URL
- Date
- Jul 10, 2014
- Research Description
- Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information.
- Affected versions
-
max 2.0.25.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # CVE-2022-2386
- CVE, Research URL
- Date
- Aug 08, 2022
- Research Description
- The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
- Affected versions
-
max 3.0.8.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # CVE-2022-45069
- CVE, Research URL
- Date
- Nov 18, 2022
- Research Description
- Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.
- Affected versions
-
max 3.0.10.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # CVE-2023-51489
- CVE, Research URL
- Date
- Mar 16, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.
- Affected versions
-
max 3.1.0.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # CVE-2023-51488
- CVE, Research URL
- Date
- Feb 10, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.
- Affected versions
-
max 3.1.0.
- Status
-
vulnerable
Sep 27, 2024
Crowdsignal Dashboard – Polls, Surveys & more # CVE-2024-43338
- CVE, Research URL
- Date
- Nov 19, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Automattic Crowdsignal Dashboard – Polls, Surveys & more polldaddy allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through <= 3.1.3.
- Affected versions
-
max 3.1.4.
- Status
-
vulnerable
Jun 16, 2026
Crowdsignal Dashboard – Polls, Surveys & more # d796221c8f4ff160c1fde983ff9c0da466a3c3f3
- CVE, Research URL
- Date
- Nov 06, 2013
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.21 Crowdsignal Dashboard < 2.0.21 - Cross-Site Request Forgery The Crowdsignal Dashboard – Polls, Surveys & more plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 2.0.21. This is due to missing or incorrect nonce validation in the rating_settings function. This makes it possible for unauthenticated attackers to have an unknown impact via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 2.0.21.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # c4f5b447-b1ba-46bc-bbf8-dec97e2dbec6
- CVE, Research URL
- Date
- -
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.21 Polldaddy Polls & Ratings 2.0.20 - Cross-Site Request Forgery The Crowdsignal Polls & Ratings WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability.
- Affected versions
-
max 2.0.21.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # 35737840-268a-4ee9-92f8-3a5dd010c196
- CVE, Research URL
- Date
- -
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.32 Polldaddy Polls & Ratings <= 2.0.31 - Shortcode Stored Cross-Site Scripting (XSS) Similar issue to the one in Jetpack's Polldaddy module.
- Affected versions
-
max 2.0.32.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # adfc32dc4a3da3cb20609881607f6d5e2873ca32
- CVE, Research URL
- Date
- May 15, 2015
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.24 WordPress Polldaddy Polls & Ratings Plugin <= 2.0.23 - Reflected XSS This plugin is prone to a reflected cross site scripting vulnerability in polldaddy-org.php polldaddy-ratings-title-filter parameter. Upgrade the plugin.
- Affected versions
-
max 2.0.24.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # a79df87447b00d8aabcd06ebdd31682481b0a0e4
- CVE, Research URL
- Date
- May 26, 2016
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.32 Crowdsignal Dashboard – Polls, Surveys & more <= 2.0.31 - Stored Cross-Site scripting The Crowdsignal Dashboard – Polls, Surveys & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll content in versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 2.0.32.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # e1e608d932ae973dc4f9915f88c48ced7eb74add
- CVE, Research URL
- Date
- May 26, 2016
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.32 WordPress Polldaddy Polls & Ratings Plugin <= 2.0.31 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Upgrade this plugin.
- Affected versions
-
max 2.0.32.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # cf3e7f88-e35c-4367-bbc9-4594e4e93b4d
- CVE, Research URL
- Date
- -
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.24 Polldaddy Polls & Rating 2.0.23 - polldaddy-org.php polldaddy-ratings-title-filter Parameter Reflected XSS The Crowdsignal Polls & Ratings WordPress plugin was affected by a polldaddy-org.php polldaddy-ratings-title-filter Parameter Reflected XSS security vulnerability.
- Affected versions
-
max 2.0.24.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # 5863cd07827046fb85842e7b72c73715b49ad21e
- CVE, Research URL
- Date
- May 15, 2015
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.21 WordPress Polldaddy Polls & Ratings Plugin <= 2.0.20 - Cross Site Request Forgery This plugin is prone to a cross site request forgery vulnerability. Upgrade the plugin.
- Affected versions
-
max 2.0.21.
- Status
-
vulnerable
Crowdsignal Dashboard – Polls, Surveys & more # b732c59dbc8814112a721c04961233c80cbdd4e3
- CVE, Research URL
- Date
- Aug 01, 2014
- Research Description
- Crowdsignal Dashboard – Polls, Surveys & more [polldaddy] < 2.0.24 Polldaddy Polls & Rating < 2.0.24 - Reflected Cross-Site Scripting The Polldaddy Polls & Rating for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘polldaddy-ratings-title-filter’ parameter in versions up to, and including, 2.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 2.0.24.
- Status
-
vulnerable