Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5.
Fixes

Solution

Update the WordPress Poll Maker wordpress plugin to the latest available version (at least 5.6.6).


Workaround

No workaround given by the vendor.

History

Wed, 21 May 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Ays-pro
Ays-pro poll Maker
CPEs cpe:2.3:a:ays-pro:poll_maker:*:*:*:*:free:wordpress:*:*
Vendors & Products Ays-pro
Ays-pro poll Maker

Tue, 25 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 25 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5.
Title WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2025-02-25T19:15:00.546Z

Reserved: 2025-02-17T11:51:40.974Z

Link: CVE-2025-26971

cve-icon Vulnrichment

Updated: 2025-02-25T14:53:17.111Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-25T15:15:30.017

Modified: 2025-05-21T17:08:29.543

Link: CVE-2025-26971

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.