cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-survey-and-poll wp-survey-and-poll

Direction: descending
May 13, 2026

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress # CVE-2021-47941

CVE, Research URL

CVE-2021-47941

Home page URL

Security reports for WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Application

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Date
May 10, 2026
Research Description
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database information including usernames, passwords, and other confidential data from the WordPress database.
Affected versions
max 1.5.7.3.
Status
vulnerable
Feb 01, 2025

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress # CVE-2024-13596

CVE, Research URL

CVE-2024-13596

Home page URL

Security reports for WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Application

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Date
Jan 30, 2025
Research Description
The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and including, 1.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 1.7.5.
Status
vulnerable
Jan 08, 2025

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress # CVE-2024-12528

CVE, Research URL

CVE-2024-12528

Home page URL

Security reports for WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Application

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Date
Jan 07, 2025
Research Description
The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.7.5.
Status
vulnerable
Jun 06, 2024

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress # CVE-2015-2090

CVE, Research URL

CVE-2015-2090

Home page URL

Security reports for WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Application

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Date
Feb 26, 2015
Research Description
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.
Affected versions
max 1.2.
Status
vulnerable