China National Vulnerability Database (CNVD): CNVD-2022-68916
Aug 05, 2021 - 12:00 a.m.

WordPress Poll Maker Plugin SQL Injection Vulnerability

www.cnvd.org.cn

EPSS: 0.001 (percentile: 36.7%)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The Poll Maker Plugin is an application plugin for WordPress. A security vulnerability exists in versions of the WordPress Poll Maker Plugin prior to 3.2.1: the plugin's get_poll_categories(), get_polls(), and get_reports() functions fail to use whitelisting or validation before using the orderby parameter in the SQL statement passed to the get_results() DB call. An attacker could exploit this vulnerability to steal sensitive database information with an injected SQL statement in the administration dashboard.
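The missing control, shown as an added example (not the Poll Maker plugin's code or its 3.2.1 patch): a sort column cannot be bound as a query placeholder, so the orderby value is matched against a fixed allowlist before it reaches the SQL string. The function name `safe_order_clause`, the table `example_polls` and the column names are hypothetical.

```php
<?php
// Added example: allowlisting an orderby parameter before it is used in SQL.
// All identifiers below are hypothetical and do not come from the plugin.

/**
 * Map a request-supplied orderby/order pair onto a fixed ORDER BY clause.
 * Nothing from the request is copied into the returned string: the column
 * is picked from $allowed and the direction is one of two literals.
 */
function safe_order_clause(array $request, array $allowed, string $default): string
{
    // Reject non-string input (e.g. orderby[]=...) by treating it as empty.
    $orderby = isset($request['orderby']) && is_string($request['orderby'])
        ? strtolower($request['orderby']) : '';
    // Strict comparison: only an exact allowlisted name is accepted.
    $column = in_array($orderby, $allowed, true) ? $orderby : $default;

    $order = isset($request['order']) && is_string($request['order'])
        ? strtoupper($request['order']) : '';
    $direction = ($order === 'DESC') ? 'DESC' : 'ASC';

    return sprintf('ORDER BY `%s` %s', $column, $direction);
}

$allowed = ['id', 'title', 'created_at']; // hypothetical sortable columns

// Constructed inputs: a normal sort, a value carrying extra SQL, a non-string.
$samples = [
    ['orderby' => 'title', 'order' => 'desc'],
    ['orderby' => 'title, (SELECT 1)', 'order' => 'asc'],
    ['orderby' => ['id']],
];

foreach ($samples as $request) {
    // In a plugin, this string is what would be handed to $wpdb->get_results().
    echo 'SELECT * FROM example_polls '
        . safe_order_clause($request, $allowed, 'id') . PHP_EOL;
}
```

Values outside the allowlist fall back to the default column rather than producing an error, so a tampered orderby never changes the shape of the query.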
