Polls CP Security & Risk Analysis

wordpress.org/plugins/cp-polls

Create classic polls and advanced polls with dependant questions. Voting / survey system.

500 active installs · v1.0.82 · PHP + WP 3.0.5+ · Updated Dec 11, 2025
Tags: poll, polls, survey, vote, voting
Score: 94
A · Safe
CVEs total: 9
Unpatched: 0
Last CVE: Jun 19, 2025
Safety Verdict

Is Polls CP Safe to Use in 2026?

Generally Safe

Score 94/100

Polls CP has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Jun 19, 2025 · Updated 3mo ago
Risk Assessment

The "cp-polls" plugin v1.0.82 presents a mixed security posture. While it demonstrates good practices in some areas, such as having all its identified entry points protected by authorization checks and utilizing prepared statements for a majority of its SQL queries, several concerning signals exist. The presence of the `unserialize` function is a significant red flag, as it can be a vector for remote code execution if not handled with extreme care and proper input validation. Furthermore, the taint analysis revealed two flows with unsanitized paths, indicating potential injection vulnerabilities despite the absence of critical severity findings in this specific analysis.

The plugin's vulnerability history is a more concerning indicator. A total of 9 known CVEs, with one high and eight medium severity, point to a pattern of recurring security weaknesses. The common vulnerability types, including Authorization Bypass, various forms of Injection, and Cross-site Scripting, suggest fundamental issues with how user input is handled and validated. The fact that the last vulnerability was reported relatively recently (2025-06-19) suggests that the development team may struggle to maintain a consistently secure codebase. While the current version has no unpatched CVEs, the historical trend and the static analysis findings warrant caution.

Key Concerns

  • Dangerous function used: unserialize
  • Taint flow with unsanitized path (High Severity)
  • Taint flow with unsanitized path (High Severity)
  • High number of historical CVEs (9 total)
  • Historical vulnerability: 1 High Severity CVE
  • Historical vulnerabilities: 8 Medium Severity CVEs
  • Low output escaping rate (61%)
  • SQL queries not using prepared statements (40%)
Vulnerabilities
9

Polls CP Security Vulnerabilities

CVEs by Year

2 CVEs in 2014
1 CVE in 2015
5 CVEs in 2024
1 CVE in 2025

Severity Breakdown

High: 1
Medium: 8

9 total CVEs

CVE-2025-50025 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CP Polls <= 1.0.81 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 19, 2025 Patched in 1.0.82 (203d)
CVE-2024-47297 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CP Polls <= 1.0.74 - Reflected Cross-Site Scripting

Sep 24, 2024 Patched in 1.0.75 (9d)
CVE-2024-8851 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Polls CP <= 1.0.76 - Authenticated (Admin+) Stored Cross-Site Scripting

Sep 1, 2024 Patched in 1.0.77 (271d)
CVE-2024-8854 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Polls CP <= 1.0.76 - Authenticated (Admin+) Stored Cross-Site Scripting

Sep 1, 2024 Patched in 1.0.77 (271d)
CVE-2024-24873 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

CP Polls <= 1.0.71 - Unauthenticated Poll Limit Bypass

Feb 5, 2024 Patched in 1.0.72 (4d)
CVE-2024-24874 · medium · 5.3 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CP Polls <= 1.0.71 - Unauthenticated Content Injection

Feb 5, 2024 Patched in 1.0.72 (4d)
CVE-2015-9346 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Polls CP < 1.0.5 - Cross-Site Scripting

May 20, 2015 Patched in 1.0.5 (3170d)
CVE-2014-125091 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Polls CP <= 1.0.1 - Authenticated SQL Injection

Nov 23, 2014 Patched in 1.0.2 (3364d)
CVE-2014-10395 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Polls CP < 1.0.1 - Cross-Site Scripting

Nov 20, 2014 Patched in 1.0.1 (3351d)
Code Analysis
Analyzed Mar 16, 2026

Polls CP Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 18 (27 prepared)
Unescaped Output: 195 (302 escaped)
Nonce Checks: 12
Capability Checks: 4
File Operations: 5
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$posted_data = unserialize($events[$i]->posted_data);` · cp-admin-int-message-list.inc.php:176
unserialize · `$params = unserialize($item->posted_data);` · cp-admin-int-report.inc.php:58
unserialize · `$params = unserialize($item->posted_data);` · cp-main-class.inc.php:728
unserialize · `$data = unserialize($item->posted_data);` · cp-main-class.inc.php:1066
unserialize · `$data = unserialize($item->posted_data);` · cp-main-class.inc.php:1192

SQL Query Safety

60% prepared · 45 total queries

Output Escaping

61% escaped · 497 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

7 flows · 2 with unsanitized paths
<cp-admin-int-list.inc> (cp-admin-int-list.inc.php:0)
Attack Surface

Polls CP Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_cpcppolls_feedback · cp-feedback.php:3
WordPress Hooks 14
action · admin_bar_menu · banner.php:102
action · admin_enqueue_scripts · cp-feedback.php:2
action · admin_footer · cp-feedback.php:18
action · media_buttons · cp-polls.php:72
action · init · cp-polls.php:73
action · init · cp-polls.php:85
action · plugins_loaded · cp-polls.php:86
action · admin_enqueue_scripts · cp-polls.php:103
action · admin_menu · cp-polls.php:105
action · enqueue_block_editor_assets · cp-polls.php:106
filter · litespeed_cache_optimize_js_excludes · cp-polls.php:131
filter · option_sbp_settings · cp-polls.php:138
action · init · cp-polls.php:150
filter · get_post_metadata · cp-polls.php:151
Maintenance & Trust

Polls CP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version
Downloads: 44K

Community Trust

Rating: 52/100
Number of ratings: 5
Active installs: 500
Developer Profile

Polls CP Developer Profile

codepeople

34 plugins · 87K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 964 days
Detection Fingerprints

How We Detect Polls CP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cp-polls/css/editor.css
/wp-content/plugins/cp-polls/css/style.css
/wp-content/plugins/cp-polls/css/frontend.css
/wp-content/plugins/cp-polls/js/editor.js
/wp-content/plugins/cp-polls/js/scripts.js
/wp-content/plugins/cp-polls/js/jquery.validate.js
/wp-content/plugins/cp-polls/js/jquery.stringify.js
/wp-content/plugins/cp-polls/js/datetimepicker.js
Script Paths
/wp-content/plugins/cp-polls/js/editor.js
/wp-content/plugins/cp-polls/js/scripts.js
/wp-content/plugins/cp-polls/js/jquery.validate.js
/wp-content/plugins/cp-polls/js/jquery.stringify.js
/wp-content/plugins/cp-polls/js/datetimepicker.js
Version Parameters
cp-polls/css/editor.css?ver=
cp-polls/css/style.css?ver=
cp-polls/css/frontend.css?ver=
cp-polls/js/editor.js?ver=
cp-polls/js/scripts.js?ver=
cp-polls/js/jquery.validate.js?ver=
cp-polls/js/jquery.stringify.js?ver=
cp-polls/js/datetimepicker.js?ver=

HTML / DOM Fingerprints

CSS Classes
cp-poll-question, cp-poll-result-bar-container, cp-poll-result-text, cp-poll-result-bar, cp-poll-result-percent, cp-poll-submit-button, cp-poll-error-message, cp-polls-admin-form-builder (+1 more)
HTML Comments
<!-- START CPP POLLS SCRIPT -->
<!-- END CPP POLLS SCRIPT -->
<!-- START CPP POLLS DEFER SCRIPTS LOADING -->
<!-- END CPP POLLS DEFER SCRIPTS LOADING -->
Data Attributes
data-poll-id, data-question-id, data-choice-value
JS Globals
CP_POLLS_DEFER_SCRIPTS_LOADING, CP_POLLS_DEFAULT_form_structure, CP_POLLS_DEFAULT_form_structure2, CP_POLLS_POLL_LIMIT, CP_POLLS_POLL_PRIVATE_REPORTS, CP_POLLS_POLL_SEE_RESULTS (+33 more)
Shortcode Output
[CP_POLLS_SETTINGS], [CP_POLLS_REPORTS], [CP_POLLS_EDITOR]