🔐 CVE Alert

CVE-2026-8995

MEDIUM 4.3

Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

CVSS Score: 4.3
EPSS Score: 0.0%
EPSS Percentile: 0th

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays_poll_get_user_information' AJAX action, which serializes and returns the complete WP_User object — including the user_pass (bcrypt password hash), user_email, user_login, user_registered, roles, and all capabilities — without any nonce verification or capability check beyond is_user_logged_in(). This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive account data including their own password hash, which WordPress does not expose through any of its standard interfaces and which can be leveraged for offline password-cracking attacks.
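The access-control gap described above, as an added illustration (not the plugin's own code and not the vendor's 6.3.8 patch): the weak handler shape the advisory describes next to a hardened shape that adds a nonce check and returns only an allow-list of fields. Function names, the nonce action name and the field set are assumptions.

```php
<?php
// Added illustration, not code from the Poll Maker plugin. Names are assumed.

// Weak shape, as described in the advisory: is_user_logged_in() is the only gate,
// there is no nonce check, and the whole WP_User object is serialized back.
// wp_send_json_success() JSON-encodes the object's public properties, which include
// $user->data (user_pass, user_email, user_login, user_registered, ...), roles and allcaps.
function ays_poll_get_user_information_weak() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    $user = wp_get_current_user();
    wp_send_json_success( $user ); // leaks the password hash and every other field
}

// Hardened shape: nonce bound to this action, explicit login gate, and an allow-list of
// fields instead of the raw object. Add a current_user_can() check as well if the action
// is only meant for privileged roles.
function ays_poll_get_user_information_hardened() {
    // 1. Nonce check (nonce action and request field names are assumed).
    check_ajax_referer( 'ays_poll_user_info', 'nonce' );

    // 2. Login gate; wp_get_current_user() returns ID 0 for anonymous requests.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    // 3. Never return WP_User itself. Copy only the fields the poll UI needs.
    $user = wp_get_current_user();
    $safe = array(
        'id'           => (int) $user->ID,
        'display_name' => $user->display_name,
    );
    wp_send_json_success( $safe );
}

// Register the hardened handler for the AJAX action named in the advisory.
add_action( 'wp_ajax_ays_poll_get_user_information', 'ays_poll_get_user_information_hardened' );
```

When reviewing any WordPress AJAX handler, the two checks to look for are a check_ajax_referer() call and a return value that is a hand-built array rather than a WP_User, WP_Post or database row object.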

CWE: CWE-200
Vendor: ays-pro
Product: poll maker by ays – versus polls, anonymous polls, image polls
Published: May 29, 2026
Last Updated: May 29, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: Low (C:L)
Integrity: None (I:N)
Availability: None (A:N)

Affected Versions

ays-pro / Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls
Versions 0 through 6.3.7 (inclusive)

References

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1ff79e-5246-422a-ae75-20763e7acd17?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.7/public/class-poll-maker-ays-public.php#L2967
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.7/includes/class-poll-maker-ays.php#L318
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.7/public/class-poll-maker-ays-public.php#L2960
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.2.7/public/class-poll-maker-ays-public.php#L2967
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.2.7/includes/class-poll-maker-ays.php#L318
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.2.7/public/class-poll-maker-ays-public.php#L2960
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.8/public/class-poll-maker-ays-public.php#L2959
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.8/includes/class-poll-maker-ays.php#L318

Credits

Satoo Nakano