CVE-2019-25297

Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25 Stored XSS

Description

Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated attacker can inject arbitrary script into content that executes when a victim views an affected page.

INFO

Published Date :

2026-01-16T20:14:10.132Z

Last Modified :

2026-01-16T21:08:52.376Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2019-25297 vulnerability.

Vendors	Products
Opinionstage	Poll, Survey & Quiz Maker
Wordpress	Wordpress

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2019-25297.

URL	Resource
https://plugins.trac.wordpress.org/changeset/2158590/social-polls-by-opinionstage
https://web.archive.org/web/20191020011448/https://www.pluginvulnerabilities.com/2019/09/16/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-poll-survey-form-quiz-maker-by-opinionstage/
https://wordpress.org/plugins/social-polls-by-opinionstage/
https://wpscan.com/vulnerability/4ed1edd6-3813-44a3-bee7-f07c1774b679/
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-poll-survey-form-quiz-maker-by-opinionstage-cross-site-scripting-19-6-24/
https://www.vulncheck.com/advisories/poll-survey-and-quiz-maker-plugin-by-opinion-stage-stored-xss
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19625-unauthenticated-stored-cross-site-scripting

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability