CVE-2022-1456: Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
First published: Mon May 30 2022(Updated: )
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Poll Maker | <4.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Poll Maker WordPress plugin vulnerability?
The vulnerability ID for the Poll Maker WordPress plugin vulnerability is CVE-2022-1456.
What is the severity of CVE-2022-1456?
The severity of CVE-2022-1456 is medium with a severity value of 4.8.
What does the Poll Maker WordPress plugin vulnerability allow?
The Poll Maker WordPress plugin vulnerability allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Which version of the Poll Maker WordPress plugin is affected by CVE-2022-1456?
The version affected by CVE-2022-1456 is up to but excluding version 4.0.2 of the Poll Maker WordPress plugin.
Is there any reference or source for more information about CVE-2022-1456?
Yes, you can find more information about CVE-2022-1456 at this reference link: https://wpscan.com/vulnerability/1f41fc5c-18d0-493d-9a7d-8b521ab49f85
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/author
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- vendor/ays-pro
- canonical/ays-pro poll maker