Poll, Poll Forms – WordPress Poll plugin by Poll Builder Security & Risk Analysis

The "poll-builder" plugin v1.3.5 presents a mixed security posture. While it demonstrates good practices in SQL query sanitization (91% prepared statements) and avoids file operations and external HTTP requests, significant concerns arise from its attack surface and taint analysis.

The plugin exposes 5 entry points, with 2 AJAX handlers lacking authentication checks. This is a critical oversight, as it allows unauthorized users to potentially interact with sensitive plugin functionalities. The taint analysis reveals 7 flows with unsanitized paths, 4 of which are classified as high severity. This indicates a strong possibility of vulnerabilities like Cross-Site Scripting (XSS) or other injection attacks if user-supplied data is not properly validated and escaped before use.

The plugin's vulnerability history, despite being limited to one medium-severity CVE related to XSS, coupled with the high severity taint flows, suggests a pattern of input sanitization weaknesses. The fact that this CVE is currently unpatched is a serious red flag. While the plugin has strengths in its SQL practices and avoidance of certain risky operations, the combination of an unprotected attack surface and unpatched XSS vulnerabilities demands immediate attention.