WordPress Poll Maker Improper Output Encoding Vulnerability Allowing Content Injection

Vulnerability

A vulnerability exists in the WordPress Poll Maker plugin, specifically in versions prior to 5.5.5, due to improper encoding or escaping of output. This flaw allows for content injection, where a malicious actor could insert their own content into the pages and posts of a WordPress site. Such an injection could be exploited to add phishing pages, for example.

Impact

Exploitation of this vulnerability could lead to unauthorized content being injected into a WordPress site's pages or posts, with the potential to create phishing pages on the site.

Remediation

Users of the WordPress Poll Maker plugin should update to version 5.5.5 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.7
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.