CVE-2016-20066

HIGH 7.2

WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary JavaScript in the browsers of users viewing the affected content.

CWE	CWE-79
Vendor	dwbooster
Product	cp polls
Published	Jun 15, 2026
Last Updated	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for dwbooster cp polls

Be the first to know when new high vulnerabilities affecting dwbooster cp polls are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

dwbooster / CP Polls

1.0.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/39513 vulncheck.com: https://www.vulncheck.com/advisories/wordpress-cp-polls-persistent-cross-site-scripting

Credits

Joaquin Ramirez Martinez [ i0akiN SEC-LABORATORY ]