WP-Safety

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Security & Risk Analysis

wordpress.org/plugins/poll-wp

Poll plugin is a responsive and customizable for WordPress. Poll will help you more easily create powerful poll, image & video poll, vote, results.

4K active installs v2.6.0 PHP 5.5+ WP 5.0+ Updated Apr 13, 2026
image-pollpollpoll-pluginsurveywordpress-poll
86
A · Safe
CVEs total7
Unpatched0
Last CVEJan 27, 2026
Plugin page Download
Safety Verdict

Is TS Poll – Survey, Versus Poll, Image Poll, Video Poll Safe to Use in 2026?

Generally Safe

Score 86/100

TS Poll – Survey, Versus Poll, Image Poll, Video Poll has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

7 known CVEsLast CVE: Jan 27, 2026Updated 1mo ago
Risk Assessment

The poll-wp plugin v2.5.5 presents a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, several significant concerns exist. The presence of one unprotected AJAX handler is a critical vulnerability, creating an immediate attack vector. The plugin's history is particularly alarming, with a total of six known CVEs, one of which remains unpatched and is classified as critical. The historical prevalence of Missing Authorization, SQL Injection, and Cross-Site Scripting vulnerabilities suggests a recurring pattern of insecure coding practices, even with some improvements in later versions. The outdated bundled library also adds to the risk profile.

Despite some positive technical indicators like the absence of dangerous functions and taint analysis showing no critical or high severity issues, the historical vulnerability record and the single unprotected entry point overshadow these strengths. The critical unpatched CVE and the unprotected AJAX handler are immediate threats that require urgent attention. The overall risk is elevated due to the plugin's history of severe vulnerabilities and the presence of exploitable weaknesses.

Key Concerns

  • Unprotected AJAX handler found
  • 1 Critical unpatched CVE
  • 1 High unpatched CVE
  • Bundled outdated library (DataTables v1.6.16)
  • No capability checks on entry points
Vulnerabilities
7 published

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
1 CVE in 2021
2021
2 CVEs in 2024
2024
2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
5

7 total CVEs

CVE-2026-25428medium · 5.5Server-Side Request Forgery (SSRF)

TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.5.5 - Authenticated (Editor+) Server-Side Request Forgery

Jan 27, 2026 Patched in 2.6.0 (105d)
CVE-2025-68588medium · 4.3Missing Authorization

TS Poll <= 2.5.5 - Missing Authorization

Dec 22, 2025 Patched in 2.6.0 (115d)
CVE-2025-3470medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter

Apr 14, 2025 Patched in 2.4.7 (158d)
CVE-2024-9022high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.0 - Authenticated (Administrator+) SQL Injection via orderby Parameter

Oct 9, 2024 Patched in 2.4.1 (6d)
CVE-2024-8625medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.3.9 - Authenticated (Admin+) SQL Injection

Sep 30, 2024 Patched in 2.4.0 (74d)
WF-df3b5124-1151-4402-b30f-038470c7a951-poll-wpmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

TS Poll – Best Poll Plugin for WordPress <= 1.5.8 - Reflected Cross-Site Scripting

Aug 25, 2021 Patched in 1.5.9 (881d)
CVE-2020-11673critical · 9.8Missing Authorization

TS Poll – Best Poll Plugin for WordPress <1.3.4 - Missing Authorization

Apr 13, 2020 Patched in 1.3.4 (1380d)
Version History

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Release Timeline

v2.08
v2.6.0Current
v2.5.52 CVEs
CVE-2025-68588 CVE-2026-25428
v2.5.42 CVEs
CVE-2025-68588 CVE-2026-25428
v2.5.32 CVEs
CVE-2025-68588 CVE-2026-25428
v2.5.22 CVEs
CVE-2025-68588 CVE-2026-25428
v2.5.12 CVEs
CVE-2025-68588 CVE-2026-25428
v2.5.02 CVEs
CVE-2025-68588 CVE-2026-25428
v2.4.92 CVEs
CVE-2025-68588 CVE-2026-25428
v2.4.82 CVEs
CVE-2025-68588 CVE-2026-25428
v2.4.72 CVEs
CVE-2025-68588 CVE-2026-25428
v2.4.63 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2026-25428
v2.4.53 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2026-25428
v2.4.43 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2026-25428
v2.4.33 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2026-25428
v2.4.23 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2026-25428
v2.4.13 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2026-25428
v2.4.04 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2024-9022 +1 more
v2.3.95 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2024-8625 +2 more
v2.3.85 CVEs
CVE-2025-3470 CVE-2025-68588 CVE-2024-8625 +2 more
Code Analysis
Analyzed Mar 16, 2026

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
43 prepared
Unescaped Output
38
723 escaped
Nonce Checks
8
Capability Checks
0
File Operations
2
External Requests
1
Bundled Libraries
1

Bundled Libraries

DataTables1.6.16

SQL Query Safety

100% prepared43 total queries

Output Escaping

95% escaped761 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
tsp_get_attachment_id (admin\class-ts_poll-admin.php:871)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Attack Surface

Entry Points11
Unprotected1

AJAX Handlers 7

authwp_ajax_tsp_check_attachmentadmin\class-ts_poll-admin.php:63
authwp_ajax_tsp_get_attachment_idadmin\class-ts_poll-admin.php:64
authwp_ajax_tsp_save_questionadmin\class-ts_poll-admin.php:65
authwp_ajax_tspoll_dashboard_fetchadmin\class-ts_poll-admin.php:70
authwp_ajax_tspoll_dashboard_updateadmin\class-ts_poll-admin.php:71
authwp_ajax_tsp_vue_functionincludes\class-ts_poll.php:86
noprivwp_ajax_tsp_vue_functionincludes\class-ts_poll.php:87

REST API Routes 2

POST/wp-json/ts-poll/v1/renderincludes\class-ts_poll.php:102
POST/wp-json/ts-poll/v1/voteincludes\class-ts_poll.php:116

Shortcodes 2

[Total_Soft_Poll] includes\class-ts_poll.php:88
[TS_Poll] includes\class-ts_poll.php:89
WordPress Hooks 32
actionadmin_bar_menuadmin\class-ts_poll-admin.php:61
actioninitadmin\class-ts_poll-admin.php:62
filterset-screen-optionadmin\class-ts_poll-admin.php:67
actionwp_dashboard_setupadmin\class-ts_poll-admin.php:68
actionadmin_footeradmin\class-ts_poll-admin.php:69
actionadmin_noticesadmin\class-ts_poll-admin.php:72
actionadmin_initadmin\class-ts_poll-admin.php:73
actioninitadmin\class-ts_poll_block.php:14
actionenqueue_block_editor_assetsadmin\class-ts_poll_block.php:15
filtertsp_get_all_fontsincludes\class-ts_poll-function.php:43
filtertsp_icon_get_class_valueincludes\class-ts_poll-function.php:44
filtertsp_get_font_faceincludes\class-ts_poll-function.php:45
filtertsp_get_theme_paramsincludes\class-ts_poll-function.php:46
filtertsp_get_all_paramsincludes\class-ts_poll-function.php:47
filterts_sanitize_stringincludes\class-ts_poll.php:80
filtertsp_import_templateincludes\class-ts_poll.php:82
actionplugins_loadedincludes\class-ts_poll.php:83
filterts_poll_check_comingincludes\class-ts_poll.php:84
filterts_poll_check_endincludes\class-ts_poll.php:85
actionwp_enqueue_scriptsincludes\class-ts_poll.php:95
actionadmin_enqueue_scriptsincludes\class-ts_poll.php:96
actionrest_api_initincludes\class-ts_poll.php:99
actionadmin_enqueue_scriptsincludes\class-ts_poll.php:554
actionadmin_enqueue_scriptsincludes\class-ts_poll.php:555
actionadmin_menuincludes\class-ts_poll.php:556
actionadmin_menuincludes\class-ts_poll.php:557
actionadmin_menuincludes\class-ts_poll.php:558
actionadmin_menuincludes\class-ts_poll.php:559
actionadmin_menuincludes\class-ts_poll.php:560
actionwp_enqueue_scriptsincludes\class-ts_poll.php:574
actionwp_enqueue_scriptsincludes\class-ts_poll.php:575
actionwidgets_initincludes\class-ts_poll.php:576
Maintenance & Trust

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 13, 2026
PHP min version5.5
Downloads434K

Community Trust

Rating94/100
Number of ratings235
Active installs4K
Alternatives

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Alternatives

YOP Poll

YOP Poll

yop-poll

A
94

Use a full option polling solution to get the answers you need. YOP Poll is the perfect, easy to use poll plugin for your WordPress site.

10K 14 CVEs
Poll Maker – Versus Polls, Anonymous Polls, Image Polls

Poll Maker – Versus Polls, Anonymous Polls, Image Polls

poll-maker

A
90

Poll Maker is a FREE WordPress poll plugin that will let you create customizable and professional online polls and voting for your WordPress website.

7K 23 CVEs
Pollify – Feedback Polls, Anonymous Polls, Up/down Voting, NPS Surveys, Export data

Pollify – Feedback Polls, Anonymous Polls, Up/down Voting, NPS Surveys, Export data

poll-creator

A
100

Poll creator lets you create a poll website in WordPress Gutenberg with advanced polling/voting features to engage your audience like never before

60 No CVEs
Crowdsignal Forms

Crowdsignal Forms

crowdsignal-forms

A
99

The Crowdsignal Forms plugin allows you to create and manage polls right from within the block editor.

200K 1 CVE
Crowdsignal Dashboard – Polls, Surveys & more

Crowdsignal Dashboard – Polls, Surveys & more

polldaddy

A
96

Manage your Crowdsignal polls, surveys, quizzes, and ratings directly from the WordPress dashboard.

100K 9 CVEs
Developer Profile

TS Poll – Survey, Versus Poll, Image Poll, Video Poll Developer Profile

totalsoft

4 plugins · 17K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
310 days
View full developer profile
Detection Fingerprints

How We Detect TS Poll – Survey, Versus Poll, Image Poll, Video Poll

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/poll-wp/assets/css/poll-wp.css/wp-content/plugins/poll-wp/assets/js/poll-wp.js
Script Paths
/wp-content/plugins/poll-wp/assets/js/poll-wp.js
Version Parameters
poll-wp/assets/css/poll-wp.css?ver=poll-wp/assets/js/poll-wp.js?ver=

HTML / DOM Fingerprints

CSS Classes
ts-poll-bannerts-poll-banner-containerts-poll-banner-circlets-poll-banner-circle-ats-poll-banner-circle-bts-poll-banner-circle-cts-poll-banner-circle-dts-poll-banner-img+7 more
Data Attributes
ts-poll-remind-mets-poll-dismissed
JS Globals
pollwp_ajax_object
REST Endpoints
/wp-json/ts-poll/v1/polls/wp-json/ts-poll/v1/polls/<id>
Shortcode Output
[poll id=
FAQ

Frequently Asked Questions about TS Poll – Survey, Versus Poll, Image Poll, Video Poll