What the vulnerability does
01Description
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.
Explanation of Vulnerability in Simple Terms
02Summary
CP Polls contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in user. An attacker can craft a malicious link or page that, when visited by a site administrator, modifies poll settings or data without the administrator's knowledge. The vulnerability requires the victim to be logged in and visit a attacker-controlled page.
What an attacker can do
03Attacker Capabilities
Perform unauthorized actions (modify polls, settings) on behalf of a logged-in administrator without their consent.
Potential impact on your site
04Site Impact
An attacker can modify or delete polls and change poll settings by tricking administrators into visiting a malicious page.
Conditions required to exploit
05Prerequisites
Victim must be logged in to the site and visit an attacker-controlled link or page.
Key dates
06Disclosure timeline
June 15, 2026
CVE published
June 15, 2026
Record updated