Crowdsignal Dashboard – Polls, Surveys & more Security & Risk Analysis

wordpress.org/plugins/polldaddy

Manage your Crowdsignal polls, surveys, quizzes, and ratings directly from the WordPress dashboard.

100K active installs · v3.1.5 · PHP 5.6+ · WP 5.5+ · Updated Feb 25, 2026

Tags: polling, polls, rating, surveys, vote

Score: 96 · A · Safe

  • CVEs total: 9
  • Unpatched: 0
  • Last CVE: Sep 24, 2024

Safety Verdict

Is Crowdsignal Dashboard – Polls, Surveys & more Safe to Use in 2026?

Generally Safe

Score 96/100

Crowdsignal Dashboard – Polls, Surveys & more has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Sep 24, 2024 · Updated 1mo ago

Risk Assessment

The Polldaddy v3.1.5 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a strong adherence to secure coding practices regarding SQL queries, which are exclusively prepared. The plugin also implements a significant number of nonce and capability checks, indicating an effort to protect against common WordPress attack vectors. The absence of critical or high-severity taint analysis findings is also a reassuring sign, suggesting that direct code execution or privilege escalation vulnerabilities are not immediately apparent from this analysis.

However, several concerns warrant attention. The presence of three "flows with unsanitized paths" in the taint analysis, while not classified as critical or high severity, suggests potential weaknesses in how the plugin handles user-provided data, which could lead to issues if exploited. Furthermore, the plugin's history of nine known CVEs, even though none are currently unpatched, is a significant red flag. The common vulnerability types listed (CSRF, Missing Authorization, XSS) point to recurring security flaws, suggesting a pattern of oversight in previous development cycles or a complex codebase that is prone to such issues. The most recent vulnerability being dated September 24, 2024, indicates that the plugin has had recent security issues that were addressed, but it still points to a history of insecurity.

In conclusion, while Polldaddy v3.1.5 demonstrates good practices in certain areas like SQL handling and authentication checks, its history of numerous medium-severity vulnerabilities and the presence of unsanitized paths in taint analysis are significant weaknesses. Users should be aware of the potential for previously exploited vulnerability types to re-emerge or for new, subtle vulnerabilities to be discovered in the future, especially considering the plugin's past security record.

Key Concerns

  • History of 9 known CVEs
  • 3 flows with unsanitized paths
  • Recent vulnerability (2024-09-24)
  • Common vulnerability types (CSRF, Missing Auth, XSS)
  • 88% output escaping (potential for XSS)

Vulnerabilities: 9

Crowdsignal Dashboard – Polls, Surveys & more Security Vulnerabilities

CVEs by Year

  • 2013: 1 CVE
  • 2014: 2 CVEs
  • 2016: 1 CVE
  • 2022: 2 CVEs
  • 2023: 2 CVEs
  • 2024: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 8

9 total CVEs

CVE-2024-43338 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Crowdsignal Dashboard – Polls, Surveys & more <= 3.1.3 - Cross-Site Request Forgery

Sep 24, 2024 · Patched in 3.1.4 (389d)

CVE-2023-51488 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.11 - Reflected Cross-Site Scripting

Dec 27, 2023 · Patched in 3.1.0 (27d)

CVE-2023-51489 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.11 - Cross-Site Request Forgery via update_rating

Dec 27, 2023 · Patched in 3.1.0 (27d)

CVE-2022-45069 · medium · 5.4 · Missing Authorization

Crowdsignal Dashboard <= 3.0.9 - Authorization Bypass

Nov 17, 2022 · Patched in 3.0.10 (432d)

CVE-2022-2386 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.7 - Reflected Cross-Site Scripting

Jul 18, 2022 · Patched in 3.0.8 (554d)

WF-e17c4ed6-b09a-40ca-bcda-2b881056469c-polldaddy · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Crowdsignal Dashboard – Polls, Surveys & more <= 2.0.31 - Stored Cross-Site Scripting

May 26, 2016 · Patched in 2.0.32 (2798d)

WF-68d9b56b-2460-48d5-95ca-b64e65592b16-polldaddy · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Polldaddy Polls & Rating < 2.0.24 - Reflected Cross-Site Scripting

Aug 1, 2014 · Patched in 2.0.24 (3462d)

CVE-2014-4856 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Crowdsignal Dashboard <= 2.0.24 - Cross-Site Scripting

Aug 1, 2014 · Patched in 2.0.25 (3462d)

WF-683e10af-5414-4959-9823-93e88e84bb1b-polldaddy · high · 7.1 · Cross-Site Request Forgery (CSRF)

Crowdsignal Dashboard < 2.0.21 - Cross-Site Request Forgery

Nov 6, 2013 · Patched in 2.0.21 (3730d)

Code Analysis
Analyzed Mar 16, 2026

Crowdsignal Dashboard – Polls, Surveys & more Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 96 (710 escaped)
  • Nonce Checks: 30
  • Capability Checks: 11
  • File Operations: 7
  • External Requests: 3
  • Bundled Libraries: 0

Output Escaping

88% escaped · 806 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

12 flows · 3 with unsanitized paths

management_page_notices (polldaddy.php:1609)
Attack Surface

Crowdsignal Dashboard – Polls, Surveys & more Attack Surface

Entry Points: 4 · Unprotected: 0

AJAX Handlers 2

  • auth · wp_ajax_polls_upload_image · ajax.php:9
  • auth · wp_ajax_polls_add_answer · ajax.php:10

Shortcodes 2

[crowdsignal] polldaddy-shortcode.php:21
[polldaddy] polldaddy-shortcode.php:22

WordPress Hooks 27

  • action · init · ajax.php:123
  • filter · admin_title · polldaddy-org.php:132
  • action · admin_menu · polldaddy-org.php:475
  • action · init · polldaddy-org.php:478
  • filter · widget_text · polldaddy-org.php:479
  • action · widgets_init · polldaddy-org.php:633
  • action · admin_notices · polldaddy-org.php:659
  • action · wp_enqueue_scripts · polldaddy-shortcode.php:24
  • action · infinite_scroll_render · polldaddy-shortcode.php:25
  • action · wp_footer · polldaddy-shortcode.php:166
  • action · wp_footer · polldaddy-shortcode.php:229
  • filter · the_content · polldaddy-shortcode.php:460
  • filter · the_content_rss · polldaddy-shortcode.php:461
  • action · init · polldaddy.php:44
  • filter · jetpack_options_whitelist · polldaddy.php:103
  • action · admin_menu · polldaddy.php:136
  • action · admin_enqueue_scripts · polldaddy.php:179
  • action · admin_head · polldaddy.php:871
  • action · admin_body_class · polldaddy.php:876
  • action · admin_notices · polldaddy.php:878
  • filter · type_url_form_video · popups.php:125
  • filter · type_url_form_audio · popups.php:126
  • filter · type_url_form_image · popups.php:127
  • action · admin_init · popups.php:130
  • filter · the_content · rating.php:154
  • filter · the_excerpt · rating.php:155
  • filter · comment_text · rating.php:158

Maintenance & Trust

Crowdsignal Dashboard – Polls, Surveys & more Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 25, 2026
  • PHP min version: 5.6
  • Downloads: 1.3M

Community Trust

  • Rating: 54/100
  • Number of ratings: 34
  • Active installs: 100K

Developer Profile

Crowdsignal Dashboard – Polls, Surveys & more Developer Profile

Automattic

213 plugins · 19.2M total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 1384 days
Detection Fingerprints

How We Detect Crowdsignal Dashboard – Polls, Surveys & more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/polldaddy/css/polldaddy-admin-menu.css
  • /wp-content/plugins/polldaddy/css/polldaddy-options.css
  • /wp-content/plugins/polldaddy/css/polldaddy-feedback.css
  • /wp-content/plugins/polldaddy/css/polldaddy-reports.css
  • /wp-content/plugins/polldaddy/css/polldaddy-styles.css
  • /wp-content/plugins/polldaddy/js/polldaddy-admin.js
  • /wp-content/plugins/polldaddy/js/polldaddy-admin-menu.js
  • /wp-content/plugins/polldaddy/js/polldaddy-admin-feedback.js
  • +25 more

Script Paths

  • /wp-content/plugins/polldaddy/js/polldaddy-admin.js
  • /wp-content/plugins/polldaddy/js/polldaddy-admin-menu.js
  • /wp-content/plugins/polldaddy/js/polldaddy-admin-feedback.js
  • /wp-content/plugins/polldaddy/js/polldaddy-admin-reports.js
  • /wp-content/plugins/polldaddy/js/polldaddy-admin-reports-chart.js
  • /wp-content/plugins/polldaddy/js/polldaddy-admin-options.js
  • +22 more

HTML / DOM Fingerprints

CSS Classes

polldaddy-admin-menu, polldaddy-options, polldaddy-feedback, polldaddy-reports, polldaddy-styles, polldaddy-admin, polldaddy-editor, polldaddy-editor-blocks, +8 more

HTML Comments

<!-- polldaddy-admin-menu -->, <!-- polldaddy-options -->, <!-- polldaddy-feedback -->, <!-- polldaddy-reports -->, +17 more

Data Attributes

data-polldaddy-form-builder, data-polldaddy-form-builder-editor, data-polldaddy-form-builder-view, data-polldaddy-form-builder-results, data-polldaddy-form-builder-results-admin, data-polldaddy-form-builder-results-view, +9 more

JS Globals

polldaddy_admin_menu, polldaddy_admin_options, polldaddy_admin_feedback, polldaddy_admin_reports, polldaddy_admin_reports_chart, polldaddy_editor, +20 more

FAQ

Frequently Asked Questions about Crowdsignal Dashboard – Polls, Surveys & more