
Votely by WPGens Security & Risk Analysis
wordpress.org/plugins/votely-poll-vote-system-by-wpgens
Adds simple poll/vote/opinion system at the end of post that helps your content to engage with users. Check screenshots.
Is Votely by WPGens Safe to Use in 2026?
Generally Safe
Score 85/100
Votely by WPGens has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "votely-poll-vote-system-by-wpgens" plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and having a clean vulnerability history with no known CVEs. It also includes nonce checks and capability checks for some entry points.
However, significant concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a critical security weakness, as it allows unauthenticated users to interact with potentially sensitive plugin functionality. Furthermore, a substantial portion (55%) of its output is not properly escaped. While taint analysis showed no critical or high-severity flows, this unescaped output, combined with unprotected AJAX endpoints, creates a significant risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of shortcodes, cron events, and REST API routes, while reducing the attack surface, doesn't mitigate the immediate risk posed by the unprotected AJAX endpoints.
In conclusion, while the plugin's foundation appears solid with secure SQL handling and no historical vulnerabilities, the presence of unprotected AJAX endpoints and a high rate of unescaped output are serious security flaws that necessitate immediate attention. These weaknesses could allow attackers to inject malicious scripts or manipulate plugin functionality, leading to data breaches or site defacement. Addressing these specific issues should be the priority for improving the plugin's security.
Key Concerns
- 2 AJAX handlers without auth checks
- 45% properly escaped output (55% unescaped)
Votely by WPGens Security Vulnerabilities
Votely by WPGens Code Analysis
Output Escaping
Votely by WPGens Attack Surface
AJAX Handlers: 2
WordPress Hooks: 11
Votely by WPGens Maintenance & Trust
Maintenance Signals
Community Trust
Votely by WPGens Alternatives
Polls CP
cp-polls
Create classic polls and advanced polls with dependant questions. Voting / survey system.
WP Easy Poll
wp-easy-poll-afo
This is an easy to setup polling/ voting plugin for users. Create Polls from admin panel and display in widgets.
Kento Vote
kento-vote
Vote on Post and Display Who Voted via gravatar thumbnail.
WP Cool Poll
wp-cool-poll
This plugin makes it possible to create and manage a poll and display it in a widget.
Crowdsignal Dashboard – Polls, Surveys & more
polldaddy
Manage your Crowdsignal polls, surveys, quizzes, and ratings directly from the WordPress dashboard.
Votely by WPGens Developer Profile
4 plugins · 2K total installs
How We Detect Votely by WPGens
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/votely-poll-vote-system-by-wpgens/admin/css/gens-votely-admin.css
- /wp-content/plugins/votely-poll-vote-system-by-wpgens/admin/js/gens-votely-admin.js
- votely-poll-vote-system-by-wpgens/admin/js/gens-votely-admin.js?ver=
- votely-poll-vote-system-by-wpgens/admin/css/gens-votely-admin.css?ver=
HTML / DOM Fingerprints
- gens-votely-poll-area
- gens-votely-poll-result-area
- gens-votely-vote-button
- gens-votely-poll-title
- gens-votely-poll-options
- gens-votely-poll-option
- gens-votely-option-label
- gens-votely-poll-vote-count
- (+3 more)
- data-poll-id
- data-option-id
- data-nonce
- votely_ajax_object
- /wp-json/votely/v1/vote
- /wp-json/votely/v1/get_results
- [votely_poll id="
- [votely_poll_results id="