CVE-2016-20067
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
WordPress CP Polls version 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.
Risk Assessment
This vulnerability poses a risk that attackers can take control of administrator actions, potentially leading to unauthorized changes in polls and data leakage.
Recommendation
It is recommended to update the CP Polls plugin to the latest version to mitigate this vulnerability and implement additional security measures such as CSRF token verification.
Original NVD description (English source)
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

