EIP-2026-114288

PRE-CVE

WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114288. PoCs published by Toby Jackson.

AI-analyzed exploit summary This is a writeup detailing a stored XSS vulnerability in the WordPress YOP Polls plugin version 6.2.7. The exploit involves injecting malicious JavaScript into the 'other answers' field, which is then executed when users view poll results.

Description

WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)

Exploits (1)

exploitdb WRITEUP

by Toby Jackson · textwebappsphp

https://www.exploit-db.com/exploits/50066

View Code ZIP pw:eip

This is a writeup detailing a stored XSS vulnerability in the WordPress YOP Polls plugin version 6.2.7. The exploit involves injecting malicious JavaScript into the 'other answers' field, which is then executed when users view poll results.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress YOP Polls plugin v6.2.7

Auth required

Prerequisites: Access to create or vote on a poll · Plugin version 6.2.7 or older

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026