cleantalk
Vulnerabilities and Security Researches

Poll Maker – Best WordPress Poll Plugin, CVE-2024-13602

CVE, Research URL

CVE-2024-13602

Home page URL

Security reports for Poll Maker – Best WordPress Poll Plugin

Application

Poll Maker – Best WordPress Poll Plugin

Published on
Mar 16, 2025
Research Description
The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 5.5.4.
Status
vulnerable
Previous vulnerability researches
Poll Maker – Best WordPress Poll Plugin (CVE-2023-50904) , Jun 10, 2024
Poll Maker – Best WordPress Poll Plugin (CVE-2024-56295) , Jan 17, 2025
Poll Maker – Best WordPress Poll Plugin (CVE-2024-9462) , Oct 27, 2024
Poll Maker – Best WordPress Poll Plugin (CVE-2024-9475) , Oct 27, 2024
Poll Maker – Best WordPress Poll Plugin (CVE-2024-56277) , Jan 23, 2025
New vulnerability
ServerBuddy by PluginBuddy.com (CVE-2025-49895) , Aug 18, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-49869) , Aug 18, 2025
EventON (CVE-2025-8091) , Aug 18, 2025
Add Custom Codes – Insert Header, Footer, Custom Code Snippets, Custom CSS, Javascript (CVE-2025-30975) , Aug 18, 2025
Linux Promotional Plugin (CVE-2025-7668) , Aug 17, 2025