
WP Easy Poll Security & Risk Analysis
wordpress.org/plugins/wp-easy-poll-afo
This is an easy to setup polling/voting plugin for users. Create Polls from admin panel and display in widgets.
Is WP Easy Poll Safe to Use in 2026?
Use With Caution
Score 63/100
WP Easy Poll has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The wp-easy-poll-afo v2.2.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices regarding database interactions, with 100% of SQL queries utilizing prepared statements, and it avoids dangerous functions, file operations, and external HTTP requests. The presence of nonce and capability checks, while limited in scope, also suggests an awareness of security principles. However, a significant concern is the code's output escaping, where only 42% of outputs are properly sanitized, leaving nearly 60% potentially vulnerable to cross-site scripting (XSS) attacks. This is corroborated by taint analysis, which identified two high-severity flows with unsanitized paths. The plugin's vulnerability history, including a medium-severity XSS vulnerability patched recently in April 2025, reinforces these concerns about potential output sanitization issues. While the attack surface appears limited in terms of entry points and unauthorized access, the lack of comprehensive output escaping is a critical weakness that attackers could exploit. The plugin's strengths lie in its database security and absence of certain risky functionalities, but its weaknesses in output handling and historical XSS vulnerabilities necessitate careful consideration.
Key Concerns
- High severity taint flows with unsanitized paths
- Low percentage of properly escaped output
- Unpatched vulnerability history (medium severity)
WP Easy Poll Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
WP Easy Poll <= 2.2.9 - Reflected Cross-Site Scripting
WP Easy Poll Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WP Easy Poll Attack Surface
- Shortcodes: 2
- WordPress Hooks: 8
WP Easy Poll Maintenance & Trust
Maintenance Signals
Community Trust
WP Easy Poll Alternatives
WP Cool Poll
wp-cool-poll
This plugin makes it possible to create and manage a poll and display it in a widget.
Crowdsignal Dashboard – Polls, Surveys & more
polldaddy
Manage your Crowdsignal polls, surveys, quizzes, and ratings directly from the WordPress dashboard.
WP-Polls
wp-polls
Adds an AJAX poll system to your WordPress blog. You can also easily add a poll into your WordPress's blog post/page.
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
poll-maker
Poll Maker is a FREE WordPress poll plugin that will let you create customizable and professional online polls and voting for your WordPress website.
Polls CP
cp-polls
Create classic polls and advanced polls with dependant questions. Voting / survey system.
WP Easy Poll Developer Profile
9 plugins · 8K total installs
How We Detect WP Easy Poll
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/wp-easy-poll-afo/assets/js/jquery-ui-timepicker-addon.js
- /wp-content/plugins/wp-easy-poll-afo/assets/js/easy-poll-js.js
- /wp-content/plugins/wp-easy-poll-afo/assets/css/jquery-ui.css
- /wp-content/plugins/wp-easy-poll-afo/assets/css/style_easy_poll_admin.css
- /wp-content/plugins/wp-easy-poll-afo/assets/js/ap.cookie.js
- /wp-content/plugins/wp-easy-poll-afo/assets/js/ap-tabs.js
- /wp-content/plugins/wp-easy-poll-afo/assets/css/style_easy_poll.css
HTML / DOM Fingerprints
wpeasy-poll-active-poll
<(`0_0`)>
()(afo)()
data-pollid
WPEASYPOLLAJAX
[easypoll]
[easypolllist_all]