cleantalk
Vulnerabilities and Security Researches

YOP Poll, CVE-2021-24834

CVE, Research URL

CVE-2021-24834

Home page URL

Security reports for YOP Poll

Application

YOP Poll

Published on
Nov 17, 2021
Research Description
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label , results link label and back to vote caption label.
Affected versions
max 6.3.5.
Status
vulnerable
Previous vulnerability researches
YOP Poll (CVE-2023-46611) , Jun 10, 2024
YOP Poll (CVE-2021-24885) , Jun 06, 2024
YOP Poll (CVE-2021-24454) , Jun 06, 2024
YOP Poll (CVE-2019-9914) , Jun 06, 2024
YOP Poll (CVE-2017-2127) , Jun 06, 2024
New vulnerability
Greenshift – animation and page builder blocks (CVE-2025-11841) , Nov 11, 2025
Range Slider AddOn for Gravity Forms (CVE-2025-49905) , Nov 11, 2025
YOP Poll (CVE-2025-62040) , Nov 11, 2025
Insert Headers and Footers Code – HT Script (CVE-2025-12112) , Nov 11, 2025
Easy Appointments (CVE-2025-49398) , Nov 11, 2025