Toby Jackson

**Name of the Vulnerable Software and Affected Versions** Poll, Survey, Questionnaire and Voting system WordPress plugin versions prior to 1.5.3 **Description** The issue allows unauthenticated users to perform SQL Injection attacks due to the lack of sanitization, escaping, or validation of the `date answers[]` POST parameter when sending a Poll result. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Poll result functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** YOP Poll WordPress plugin versions prior to 6.2.8 **Description** The issue arises when a poll is created with specific options, leading to Stored Cross-Site Scripting issues. This occurs because the 'Other' answer is not sanitized before being output on the page. The execution of the XSS payload depends on the 'Show results' option, which could be before or after sending the vote. **Recommendations** For YOP Poll WordPress plugin versions prior to 6.2.8, update to version 6.2.8 or later to resolve the issue. As a temporary workaround, consider disabling the 'Allow other answers' and 'Display other answers in the result list' options to minimize the risk of exploitation. Restrict access to polls with the 'Show results' option enabled until the issue is resolved.