Lucene search
0x23.soWPEX-ID:1F41FC5C-18D0-493D-9A7D-8B521AB49F85HistoryMay 04, 2022 - 12:00 a.m.
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
2022-05-0400:00:00
0x23.so
80
poll maker
admin+
stored
cross-site scripting
mailchimp integration
exploit
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed
Put the following payload in any of the Mailchimp integration settings (/wp-admin/admin.php?page=poll-maker-ays-settings&ays_poll_tab=tab2) and save: "><img src onerror=alert(/XSS/)>Related
prion
prion
Cross site scripting
2022-05-30 09:15:00
wpvulndb
wpvulndb
Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
2022-05-04 00:00:00
cve
cve
CVE-2022-1456
2022-05-30 09:15:09
cvelist
cvelist
CVE-2022-1456 Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
2022-05-30 08:35:47
nvd
nvd
CVE-2022-1456
2022-05-30 09:15:09