
Simple Poll Security & Risk Analysis
wordpress.org/plugins/simple-poll
Plugin that allows admin to create infinite polls and registered users to express just one preference per poll.
Is Simple Poll Safe to Use in 2026?
Use With Caution
Score 63/100
Simple Poll has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "simple-poll" plugin version 1.1.1 exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and avoiding file operations or external HTTP requests, significant concerns arise from its output escaping and lack of security checks. The fact that 100% of its outputs are not properly escaped presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of nonce and capability checks on its single entry point (a shortcode) is alarming, as it implies that actions initiated through this shortcode might be vulnerable to Cross-Site Request Forgery (CSRF) or unauthorized execution by unauthenticated users.
The vulnerability history reveals a past medium-severity CVE, specifically a CSRF, which aligns with the potential weaknesses identified in the code analysis. The fact that a CVE remains unpatched is a critical indicator of ongoing risk. The pattern of past vulnerabilities being CSRF suggests that the plugin may have fundamental issues with input validation and state management, especially when combined with the lack of nonce checks. While the total attack surface is small, the absence of security measures on its entry points, coupled with the output escaping deficiencies and an unpatched CVE, elevates the overall risk profile of this plugin.
Key Concerns
- Unpatched CVE
- 100% outputs unescaped
- 0 Nonce checks on entry points
- 0 Capability checks on entry points
- Flows with unsanitized paths
Simple Poll Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Simple Poll <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Simple Poll Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Simple Poll Attack Surface
Shortcodes 1
WordPress Hooks 1
Simple Poll Maintenance & Trust
Maintenance Signals
Community Trust
Simple Poll Alternatives
Crowdsignal Forms
crowdsignal-forms
The Crowdsignal Forms plugin allows you to create and manage polls right from within the block editor.
Crowdsignal Dashboard – Polls, Surveys & more
polldaddy
Manage your Crowdsignal polls, surveys, quizzes, and ratings directly from the WordPress dashboard.
Democracy Poll
democracy-poll
WordPress polls plugin with multiple-choice, custom answers, cache compatibility, widgets, and shortcodes.
Quiz, Poll & Survey Maker by Opinion Stage
social-polls-by-opinionstage
Boost engagement and capture leads with interactive quizzes, polls, and surveys. Built for marketers, publishers, and businesses
TS Poll – Survey, Versus Poll, Image Poll, Video Poll
poll-wp
Poll plugin is responsive and customizable for WordPress. Poll will help you more easily create powerful polls, image and video polls, votes, and results.
Simple Poll Developer Profile
2 plugins · 20 total installs
How We Detect Simple Poll
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/simple-poll/css/simple-poll.css
- /wp-content/plugins/simple-poll/js/simple-poll.js
- simple-poll/css/simple-poll.css?ver=
- simple-poll/js/simple-poll.js?ver=
HTML / DOM Fingerprints
- simple-poll
- sp-question
- sp-answers
- sp-answer-list
- sp-rate-button
- sp-results-label
- sp-question-label
- sp-answers-label
- +2 more
- <!-- Simple Poll -->
- <!-- End Simple Poll -->
- <!-- Poll system labels -->
- <!-- Poll result labels -->
- +1 more
- data-poll-id
- data-poll-action
- simplePoll
- <div class="simple-poll">
- <p class="sp-question-label">
- <label for="sp-answers">
- <input type="radio" name="sp_answer" value="