CVE Catalog

CVE-2016-20067

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

WordPress CP Polls version 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

Risk Assessment

This vulnerability poses a risk that attackers can take control of administrator actions, potentially leading to unauthorized changes in polls and data leakage.

Recommendation

It is recommended to update the CP Polls plugin to the latest version to mitigate this vulnerability and implement additional security measures such as CSRF token verification.

Original NVD description (English source)

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS