CVE-2025-12620

Name of the Vulnerable Software and Affected Versions The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions through 6.0.7

Description The software is susceptible to a SQL Injection issue due to inadequate input sanitization and query preparation. Specifically, the filterbyauthor parameter is not properly escaped, allowing authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Versions prior to 6.0.7 should be updated to address the issue.