I have released WP-Polls 2.61 [1] which fixes a code injection via “HTTP Referrer” and affects users who are on WP-Polls 2.60 only.
I also took this chance to port the readme.html to the proper readme.txt which WordPress.org is using and now you can see all the details of WP-Polls [1] right from the plugins page itself regardless if it is from your WP-Admin or WordPress.org.
All users should upgrade now
Vulnerability discovered by + Props to:
Dweeks, Leon Juranic and Chad Lavoie of the Swiftwill Security Team (www.swiftwill.com [2])
Download: WP-Polls 2.61 [3]