Pro Polls Security & Risk Analysis

wordpress.org/plugins/pro-polls

Create polls with multiple questions and add to any page/posts.

10 active installs · v1.0 · PHP 5.6+ · WP 4.5+ · Updated Nov 9, 2017
Tags: mcqs, multiple-questions, polls, quiz
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pro Polls Safe to Use in 2026?

Generally Safe

Score 85/100

Pro Polls has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "pro-polls" v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and the absence of file operations and external HTTP requests reduces certain attack vectors. The plugin also incorporates nonce and capability checks, which are essential for secure WordPress development.

However, significant concerns arise from the static analysis. The presence of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution vulnerabilities if not handled with extreme caution and proper sanitization. Furthermore, the taint analysis reveals a high number of flows with unsanitized paths (4 out of 5 analyzed), with all of them being of high severity. This strongly suggests that user-supplied data is not being adequately validated or escaped before being processed, potentially allowing attackers to inject malicious code or manipulate plugin behavior.

The plugin's vulnerability history is currently clean, with no recorded CVEs. While this is a positive indicator, it's important to remember that a clean history doesn't guarantee future safety, especially given the identified code-level weaknesses. The combination of dangerous functions and high-severity unsanitized taint flows points to a substantial risk of exploitable vulnerabilities within the plugin's current state.

Key Concerns

  • High severity unsanitized taint flows
  • Presence of dangerous unserialize function
  • Low percentage of properly escaped output
Vulnerabilities
None known

Pro Polls Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Pro Polls Code Analysis

  • Dangerous Functions: 5
  • Raw SQL Queries: 0 (8 prepared)
  • Unescaped Output: 32 (5 escaped)
  • Nonce Checks: 4
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$answers = unserialize($rec->post_content);` (classes\classes_list_questions.php:143)
  • unserialize: `$answers = unserialize($objQuestion->post_content);` (classes\classes_polls.php:31)
  • unserialize: `$answers = unserialize($objResult->answers);` (classes\classes_polls.php:78)
  • unserialize: `$answers = unserialize($answer_string);` (classes\classes_polls.php:170)
  • unserialize: `$answers = unserialize($question_details->post_content);` (pro-polls-admin-html.php:143)

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

14% escaped · 37 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
pro_polls_show_questions_page (pro-polls-admin-html.php:13)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Pro Polls Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

  • [pro_polls] (functions.php:131)

WordPress Hooks: 8

  • action: admin_menu (classes\classes_options_page.php:5)
  • action: admin_init (classes\classes_options_page.php:6)
  • filter: post_updated_messages (functions.php:41)
  • action: add_meta_boxes (functions.php:130)
  • filter: manage_pro-poll_posts_columns (pro-polls.php:57)
  • action: manage_pro-poll_posts_custom_column (pro-polls.php:59)
  • action: admin_menu (pro-polls.php:62)
  • action: init (pro-polls.php:70)
Maintenance & Trust

Pro Polls Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 4.8.28
  • Last updated: Nov 9, 2017
  • PHP min version: 5.6
  • Downloads: 1K

Community Trust

  • Rating: 100/100
  • Number of ratings: 1
  • Active installs: 10
Developer Profile

Pro Polls Developer Profile

amitjoshi

1 plugin · 10 total installs

  • Trust score: 84
  • Avg Security Score: 85/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pro Polls

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/pro-polls/themes/pro-polls.css

HTML / DOM Fingerprints

  • CSS Classes: button-error
  • Data Attributes: poll_id
  • Shortcode Output: [pro_polls]
FAQ

Frequently Asked Questions about Pro Polls