11 Mar 2020

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in YOP Poll

One of the changelog entries for a recent version of YOP Poll is “fixed XSS bug”. Looking at the changes made, we found that the entry refers to a fix for a reflected cross-site scripting (XSS) vulnerability in code that runs on an admin page of the plugin. The possibility of that vulnerability would have been flagged by our Plugin Security Checker if the vulnerable versions of the plugin had been checked.



26 Nov 2018

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in YOP Poll

One of the changelog entries for the latest version of YOP Poll is “fixed XSS vulnerability”. Looking at the changes made in that version, we found that instances of a reflected cross-site scripting (XSS) vulnerability were fixed in a couple of locations.



10 Apr 2017

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in YOP Poll

From time to time, vulnerabilities are fixed in plugins without anyone putting out a report on the vulnerability, and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it can also help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.

