CVE-2022-0205

CVE-2022-0205: YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting

Vendor Unknown
Product YOP Poll
Weakness CWE-79 · XSS
Published March 7, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue

Key dates

02Disclosure timeline

March 7, 2022 CVE published
August 2, 2024 Record updated