cleantalk
Vulnerabilities and Security Researches

WP Voting Contest Lite, CVE-2022-0321

CVE, Research URL

CVE-2022-0321

Home page URL

Security reports for WP Voting Contest Lite

Application

WP Voting Contest Lite

Published on
Mar 14, 2022
Research Description
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
Affected versions
Min -, max 3.0.
Status
vulnerable
Previous vulnerability researches
WP Voting (CVE-2025-49057) , Aug 16, 2025
WP Voting Contest Lite (CVE-2022-0321) , Jun 07, 2024
WP Voting Contest Lite (CVE-2025-50017) , Jun 25, 2025
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest (CVE-2024-31240) , Jun 07, 2024
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest (CVE-2024-32514) , Jun 07, 2024
New vulnerability
Linux Promotional Plugin (CVE-2025-7668) , Aug 17, 2025
Poll Maker – Best WordPress Poll Plugin (CVE-2024-12575) , Aug 17, 2025
Add User Meta (CVE-2025-7688) , Aug 17, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-8896) , Aug 17, 2025
RSS Feed Pro (CVE-2025-53581) , Aug 17, 2025