cleantalk
Vulnerabilities and Security Researches

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress, CVE-2024-12528

CVE, Research URL

CVE-2024-12528

Home page URL

Security reports for WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Application

WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress

Published on
Jan 07, 2025
Research Description
The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.7.5.
Status
vulnerable
Previous vulnerability researches
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2021-47941) , May 13, 2026
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2015-2090) , Jun 06, 2024
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2024-12528) , Jan 08, 2025
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2024-13596) , Feb 01, 2025
New vulnerability
WP Google Maps Integration (CVE-2026-7464) , May 13, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2026-5371) , May 13, 2026
bunny.net – WordPress CDN Plugin (CVE-2025-68049) , May 13, 2026
BJ Lazy Load (CVE-2026-2300) , May 13, 2026
WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress (CVE-2021-47941) , May 13, 2026