Approved changes feed: RSS · Atom
cpe:2.3:a:codepeople:polls_cp:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Codepeople (f85d1a73-9b3f-50b5-b09d-cd136586594b) |
|---|---|
| Product | Polls Cp (fa4d112c-51f6-5248-8ae6-1303ad175aa3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/cp-polls |
purl2cpe | 2026-06-01 10:10:56.624251 |
pkg:github/wpplugins/cp-polls |
purl2cpe | 2026-06-01 10:10:56.624253 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8854 |
vulnerable | 2026-06-03 14:58:19.627910 |
Polls CP <= 1.0.75 - Admin+ Stored XSS via Custom Styles
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).
Published: 2025-05-15T20:07:19.175Z
Updated: 2025-05-16T20:39:15.480Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8851 |
vulnerable | 2026-06-03 14:58:19.617640 |
Polls CP <= 1.0.75 - Admin+ Stored Cross-Site Scripting
The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).
Published: 2025-05-15T20:07:18.942Z
Updated: 2025-05-16T20:40:18.451Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24874 |
vulnerable | 2026-06-03 14:55:05.982321 |
WordPress Polls CP plugin <= 1.0.71 - Content Injection vulnerability
MEDIUM (5.3)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection.This issue affects CP Polls: from n/a through 1.0.71.
Published: 2024-05-17T08:23:36.429Z
Updated: 2026-04-28T16:09:11.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24873 |
vulnerable | 2026-06-03 14:55:05.979909 |
WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability
MEDIUM (5.3)
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71.
Published: 2024-05-17T08:24:16.872Z
Updated: 2026-04-28T16:09:11.029Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-9346 |
vulnerable | 2026-06-03 14:35:19.649323 |
Details available
The cp-polls plugin before 1.0.5 for WordPress has XSS.
Published: 2019-08-27T11:49:53.000Z
Updated: 2024-08-06T08:43:42.637Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-10395 |
vulnerable | 2026-06-03 14:33:40.990366 |
Details available
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
Published: 2019-08-27T11:50:55.000Z
Updated: 2024-08-06T14:10:55.565Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.