CVE-2016-20067

MEDIUM 4.3

WordPress CP Polls 1.0.8 Cross-Site Request Forgery

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

CWE	CWE-352
Vendor	dwbooster
Product	cp polls
Published	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for dwbooster cp polls

Be the first to know when new medium vulnerabilities affecting dwbooster cp polls are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

dwbooster / CP Polls

1.0.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/39513 vulncheck.com: https://www.vulncheck.com/advisories/wordpress-cp-polls-cross-site-request-forgery

Credits

Joaquin Ramirez Martinez [ i0akiN SEC-LABORATORY ]