CVE-2016-20067 | WordPress CP Polls 1.0.8 contains a cross-site request forge… | CVSS 4.3 MEDIUM

Description

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

Metadata

CVE ID: CVE-2016-20067
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-14 18:20 UTC
Published: 2026-06-15 12:00 UTC
Last updated: 2026-06-15 12:00 UTC
Primary CWE: CWE-352
Cross-Site Request Forgery (CSRF)
Vendor / Product: dwbooster / CP Polls
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected products (1)

Vendor	Product	Platform	Versions
dwbooster	CP Polls	—	1.0.8

Weakness (CWE)

CWE	Source	Description
CWE-352	cna	Cross-Site Request Forgery (CSRF)

CVSS scores (2)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (2)

ExploitDB-39513 https://www.exploit-db.com/exploits/39513
VulnCheck Advisory: WordPress CP Polls 1.0.8 Cross-Site Request Forgery https://www.vulncheck.com/advisories/wordpress-cp-polls-cross-site-request-forgery