TotalPoll for Polls and Contests Security & Risk Analysis

wordpress.org/plugins/totalpoll-lite

TotalPoll is a responsive and customizable WordPress poll plugin that helps you create voting contests, competitions, image polls, and simple polls.

1K active installs · v4.12.0 · PHP 5.6+ · WP 4.8+ · Updated Sep 5, 2025
Tags: contest, election, poll, questionnaire, vote

Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Apr 22, 2024
Safety Verdict

Is TotalPoll for Polls and Contests Safe to Use in 2026?

Generally Safe

Score 99/100

TotalPoll for Polls and Contests has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 22, 2024 · Updated 7mo ago
Risk Assessment

The TotalPoll Lite plugin v4.12.0 exhibits a mixed security posture, with some positive indicators but significant areas of concern. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and a high percentage of properly escaped outputs, the substantial attack surface presented by 39 unprotected AJAX handlers is a major red flag. The presence of the `unserialize` function, even without apparent exploitable taint flows in the static analysis, warrants caution due to its historical association with deserialization vulnerabilities.

The vulnerability history of TotalPoll Lite shows a pattern of medium-severity issues, primarily related to missing authorization and CSRF. The fact that there are currently no unpatched CVEs is encouraging, indicating that developers are addressing reported vulnerabilities. However, the past occurrence of these types of vulnerabilities, coupled with the large number of unprotected AJAX endpoints, suggests a recurring theme of authorization and input validation weaknesses.

Overall, the plugin has strengths in its database query and output handling. However, the large number of unprotected AJAX endpoints and the presence of `unserialize` are significant security risks that could be exploited. The historical vulnerability patterns reinforce the need for vigilance regarding authorization checks and input sanitization. Users should be aware of these risks and ensure they are using the latest patched versions if any future vulnerabilities are discovered.

Key Concerns

  • Large attack surface: 39 unprotected AJAX handlers
  • Dangerous function: unserialize detected
  • Historically vulnerable to Missing Authorization
  • Historically vulnerable to CSRF
Vulnerabilities (2)

TotalPoll for Polls and Contests Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)
2024: 1 CVE (patched)

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-32821 · medium · 4.3 · Missing Authorization
Total Poll Lite <= 4.9.9 - Missing Authorization
Apr 22, 2024 · Patched in 4.10.0 (8d)

CVE-2023-27449 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Total Poll Lite <= 4.8.6 - Cross-Site Request Forgery
Mar 3, 2023 · Patched in 4.8.7 (326d)
Code Analysis (analyzed Mar 16, 2026)

TotalPoll for Polls and Contests Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 6 (57 prepared)
Unescaped Output: 123 (389 escaped)
Nonce Checks: 4
Capability Checks: 24
File Operations: 16
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $poll['options'] = unserialize( $poll['options'] ); · src\Migrations\Polls\YOP\Extract.php:77
unserialize · self::$originalExpressions = unserialize( serialize( $domain ) ); · src\Poll\Model.php:1677

SQL Query Safety

90% prepared · 63 total queries

Output Escaping

76% escaped · 512 total outputs

Attack Surface (39 unprotected)

TotalPoll for Polls and Contests Attack Surface

Entry Points: 42
Unprotected: 39

AJAX Handlers 39

auth · wp_ajax_totalpoll_polls_add_to_sidebar · src\Admin\Ajax\Bootstrap.php:43
auth · wp_ajax_totalpoll_nps · src\Admin\Ajax\Bootstrap.php:51
auth · wp_ajax_totalpoll_onboarding · src\Admin\Ajax\Bootstrap.php:71
auth · wp_ajax_totalpoll_tracking_features · src\Admin\Ajax\Bootstrap.php:93
auth · wp_ajax_totalpoll_tracking_screens · src\Admin\Ajax\Bootstrap.php:104
auth · wp_ajax_totalpoll_entries_list · src\Admin\Ajax\Bootstrap.php:130
auth · wp_ajax_totalpoll_entries_download · src\Admin\Ajax\Bootstrap.php:137
auth · wp_ajax_totalpoll_entries_polls · src\Admin\Ajax\Bootstrap.php:145
auth · wp_ajax_totalpoll_entries_purge · src\Admin\Ajax\Bootstrap.php:153
auth · wp_ajax_totalpoll_entries_remove · src\Admin\Ajax\Bootstrap.php:161
auth · wp_ajax_totalpoll_insights_metrics · src\Admin\Ajax\Bootstrap.php:172
auth · wp_ajax_totalpoll_insights_polls · src\Admin\Ajax\Bootstrap.php:179
auth · wp_ajax_totalpoll_insights_download · src\Admin\Ajax\Bootstrap.php:187
auth · wp_ajax_totalpoll_dashboard_blog_feed · src\Admin\Ajax\Bootstrap.php:195
auth · wp_ajax_totalpoll_dashboard_activate · src\Admin\Ajax\Bootstrap.php:208
auth · wp_ajax_totalpoll_dashboard_deactivate · src\Admin\Ajax\Bootstrap.php:216
auth · wp_ajax_totalpoll_dashboard_account · src\Admin\Ajax\Bootstrap.php:224
auth · wp_ajax_totalpoll_dashboard_polls_overview · src\Admin\Ajax\Bootstrap.php:231
auth · wp_ajax_totalpoll_log_list · src\Admin\Ajax\Bootstrap.php:242
auth · wp_ajax_totalpoll_log_download · src\Admin\Ajax\Bootstrap.php:249
auth · wp_ajax_totalpoll_log_remove · src\Admin\Ajax\Bootstrap.php:256
auth · wp_ajax_totalpoll_log_purge · src\Admin\Ajax\Bootstrap.php:264
auth · wp_ajax_totalpoll_log_export · src\Admin\Ajax\Bootstrap.php:268
auth · wp_ajax_totalpoll_log_export_status · src\Admin\Ajax\Bootstrap.php:272
auth · wp_ajax_totalpoll_modules_install_from_file · src\Admin\Ajax\Bootstrap.php:283
auth · wp_ajax_totalpoll_modules_install_from_store · src\Admin\Ajax\Bootstrap.php:290
auth · wp_ajax_totalpoll_modules_list · src\Admin\Ajax\Bootstrap.php:297
auth · wp_ajax_totalpoll_modules_update · src\Admin\Ajax\Bootstrap.php:308
auth · wp_ajax_totalpoll_modules_uninstall · src\Admin\Ajax\Bootstrap.php:315
auth · wp_ajax_totalpoll_modules_activate · src\Admin\Ajax\Bootstrap.php:322
auth · wp_ajax_totalpoll_modules_deactivate · src\Admin\Ajax\Bootstrap.php:329
auth · wp_ajax_totalpoll_options_save_options · src\Admin\Ajax\Bootstrap.php:336
auth · wp_ajax_totalpoll_options_purge · src\Admin\Ajax\Bootstrap.php:339
auth · wp_ajax_totalpoll_options_migrate_polls · src\Admin\Ajax\Bootstrap.php:342
auth · wp_ajax_totalpoll_templates_get_defaults · src\Admin\Ajax\Bootstrap.php:354
auth · wp_ajax_totalpoll_templates_get_preview · src\Admin\Ajax\Bootstrap.php:361
auth · wp_ajax_totalpoll_templates_get_settings · src\Admin\Ajax\Bootstrap.php:368
auth · wp_ajax_totalpoll · src\Bootstrap.php:37
nopriv · wp_ajax_totalpoll · src\Bootstrap.php:38

Shortcodes 3

[tp-poll] src\Plugin.php:667
[totalpoll] src\Plugin.php:668
[totalpoll-random] src\Plugin.php:670
WordPress Hooks 65

action · admin_menu · modules\extensions\Troubleshooter\Extension.php:36
action · admin_init · modules\extensions\Troubleshooter\Extension.php:39
action · admin_enqueue_scripts · modules\extensions\Troubleshooter\Extension.php:42
action · admin_init · setup.php:81
action · admin_notices · setup.php:82
action · current_screen · src\Admin\Bootstrap.php:145
action · admin_menu · src\Admin\Bootstrap.php:146
filter · admin_body_class · src\Admin\Bootstrap.php:147
action · admin_notices · src\Admin\Bootstrap.php:157
action · before_delete_post · src\Admin\Bootstrap.php:159
action · admin_action_reset_poll · src\Admin\Bootstrap.php:161
filter · admin_footer_text · src\Admin\Bootstrap.php:442
filter · update_footer · src\Admin\Bootstrap.php:443
filter · parent_file · src\Admin\Bootstrap.php:480
action · pre_current_active_plugins · src\Admin\Plugins\UninstallFeedback.php:7
action · admin_enqueue_scripts · src\Admin\Poll\Editor.php:81
action · admin_enqueue_scripts · src\Admin\Poll\Editor.php:82
action · edit_form_after_title · src\Admin\Poll\Editor.php:85
action · submitpost_box · src\Admin\Poll\Editor.php:88
filter · wp_insert_post_data · src\Admin\Poll\Editor.php:91
filter · redirect_post_location · src\Admin\Poll\Editor.php:697
action · admin_enqueue_scripts · src\Admin\Poll\Listing.php:49
filter · display_post_states · src\Admin\Poll\Listing.php:52
filter · manage_poll_posts_columns · src\Admin\Poll\Listing.php:55
action · manage_poll_posts_custom_column · src\Admin\Poll\Listing.php:58
filter · manage_edit-poll_sortable_columns · src\Admin\Poll\Listing.php:59
filter · post_row_actions · src\Admin\Poll\Listing.php:62
filter · pre_get_posts · src\Admin\Poll\Listing.php:65
filter · totalpoll/filters/admin/listing/columns-content/votes · src\Admin\Poll\Listing.php:132
filter · totalpoll/filters/admin/listing/columns-content/entries · src\Admin\Poll\Listing.php:137
filter · totalpoll/filters/admin/listing/columns-content/log · src\Admin\Poll\Listing.php:142
filter · posts_fields · src\Admin\Poll\Listing.php:271
filter · posts_orderby · src\Admin\Poll\Listing.php:275
action · admin_init · src\Admin\Privacy\Policy.php:40
filter · wp_privacy_personal_data_exporters · src\Admin\Privacy\Policy.php:41
filter · wp_privacy_personal_data_erasers · src\Admin\Privacy\Policy.php:42
action · pre_get_posts · src\Bootstrap.php:22
action · totalpoll/actions/urls/flush · src\Bootstrap.php:26
action · wp · src\Bootstrap.php:36
action · wp · src\Bootstrap.php:42
filter · the_content · src\Bootstrap.php:181
action · wp_head · src\Bootstrap.php:183
filter · wp_title · src\Bootstrap.php:185
action · embed_content · src\Bootstrap.php:189
filter · the_excerpt_embed · src\Bootstrap.php:193
filter · embed_site_title_html · src\Bootstrap.php:194
filter · totalpoll/filters/render/args · src\Decorators\StructuredData.php:18
action · totalpoll/actions/render · src\Modules\Template.php:23
filter · gettext_totalpoll · src\Plugin.php:686
filter · ngettext_totalpoll · src\Plugin.php:699
action · totalpoll/actions/request/welcome · src\Poll\Controller.php:42
action · totalpoll/actions/request/vote · src\Poll\Controller.php:43
action · totalpoll/actions/request/thankyou · src\Poll\Controller.php:44
action · totalpoll/actions/request/results · src\Poll\Controller.php:45
action · totalpoll/actions/request/view · src\Poll\Controller.php:46
action · totalpoll/actions/ajax-request · src\Poll\Controller.php:47
action · totalpoll/actions/activated · src\Poll\PostType.php:13
filter · totalpoll/filters/render/screen · src\Shortcodes\Poll.php:34
filter · totalpoll/filters/form/pages · src\Shortcodes\Poll.php:50
filter · totalpoll/filters/poll/results-hidden · src\Shortcodes\Poll.php:59
filter · totalpoll/filters/form/buttons · src\Shortcodes\Poll.php:72
filter · totalpoll/filters/render/screen · src\Shortcodes\RandomPoll.php:35
filter · totalpoll/filters/form/pages · src\Shortcodes\RandomPoll.php:51
filter · totalpoll/filters/poll/results-hidden · src\Shortcodes\RandomPoll.php:60
filter · totalpoll/filters/form/buttons · src\Shortcodes\RandomPoll.php:73

Scheduled Events 1

totalpoll/actions/urls/flush
Maintenance & Trust

TotalPoll for Polls and Contests Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 5, 2025
PHP min version: 5.6
Downloads: 93K

Community Trust

Rating: 86/100
Number of ratings: 45
Active installs: 1K
Developer Profile

TotalPoll for Polls and Contests Developer Profile

TotalSuite

5 plugins · 2K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 138 days
Detection Fingerprints

How We Detect TotalPoll for Polls and Contests

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/totalpoll-lite/modules/extensions/Troubleshooter/assets/scripts/troubleshooter.js
/wp-content/plugins/totalpoll-lite/modules/extensions/Troubleshooter/assets/styles/troubleshooter.css
/wp-content/plugins/totalpoll-lite/src/Admin/Dashboard/assets/scripts/dashboard.js
/wp-content/plugins/totalpoll-lite/src/Admin/Dashboard/assets/styles/dashboard.css

Script Handles
totalpoll-troubleshooter
totalpoll-admin-dashboard

Version Parameters
totalpoll-lite/modules/extensions/Troubleshooter/assets/scripts/troubleshooter.js?ver=
totalpoll-lite/modules/extensions/Troubleshooter/assets/styles/troubleshooter.css?ver=
totalpoll-lite/src/Admin/Dashboard/assets/scripts/dashboard.js?ver=
totalpoll-lite/src/Admin/Dashboard/assets/styles/dashboard.css?ver=

HTML / DOM Fingerprints

CSS Classes
totalpoll-admin-dashboard
totalpoll-troubleshooter
tp-dashboard

HTML Comments
<!-- @asset-script totalpoll-admin-dashboard -->
<!-- @asset-style totalpoll-admin-dashboard -->

Data Attributes
data-i18n
data-translatable

JS Globals
TotalPollTests

REST Endpoints
/wp-json/totalpoll/
FAQ

Frequently Asked Questions about TotalPoll for Polls and Contests