CVE-2016-20067 MEDIUM

CVE-2016-20067: WordPress CP Polls 1.0.8 Cross-Site Request Forgery

Vendor Dwbooster

Product CP Polls

Weakness CWE-352 · CSRF

Published June 15, 2026

Last update June 15, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

Description

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

Key dates

Disclosure timeline

June 15, 2026 CVE published

June 15, 2026 Record updated