Source: National Vulnerability Database

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1456

117 hits since 2022-06-01

PHP Vulns Source Ratio: 17% (6806 total, 571 propagated, 3403 filtered)