Browse all 3 CVE security advisories affecting YOP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
YOP is a web-based platform primarily used for project management and team collaboration. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation issues, with three CVEs documented to date. The application's security posture has been characterized by insufficient input validation and inadequate access controls. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in its web interface suggests ongoing challenges in secure development practices. Users should implement strict network segmentation and apply security patches promptly to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64370 | WordPress YOP Poll plugin <= 6.5.38 - Broken Access Control vulnerability — YOP PollCWE-862 | 5.3 | Medium | 2025-11-13 |
| CVE-2025-62040 | WordPress YOP Poll plugin <= 6.5.37 - Cross Site Scripting (XSS) vulnerability — YOP PollCWE-79 | 7.1 | High | 2025-11-06 |
| CVE-2017-2127 | WordPress YOP Poll 跨站脚本漏洞 — YOP Poll | 6.1 | - | 2017-04-28 |
This page lists every published CVE security advisory associated with YOP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.