CVE-2016-20067 MEDIUM

CVE-2016-20067: WordPress CP Polls 1.0.8 Cross-Site Request Forgery

Vendor Dwbooster
Product CP Polls
Weakness CWE-352 · CSRF
Published June 15, 2026
Last update June 15, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

Explanation of Vulnerability in Simple Terms

02Summary

CP Polls contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in user. An attacker can craft a malicious link or page that, when visited by a site administrator, modifies poll settings or data without the administrator's knowledge. The vulnerability requires the victim to be logged in and visit a attacker-controlled page.

What an attacker can do

03Attacker Capabilities

Perform unauthorized actions (modify polls, settings) on behalf of a logged-in administrator without their consent.

Potential impact on your site

04Site Impact

An attacker can modify or delete polls and change poll settings by tricking administrators into visiting a malicious page.

Conditions required to exploit

05Prerequisites

Victim must be logged in to the site and visit an attacker-controlled link or page.

Key dates

06Disclosure timeline

June 15, 2026 CVE published
June 15, 2026 Record updated

Related vulnerabilities

08Related CVE