Impact
A cross‑site request forgery flaw exists in CP Polls 1.0.8 that lets an attacker force logged‑in administrators to perform poll‑management actions without their knowledge. This weakness, classified as CWE‑352, enables manipulation of poll content and results, compromising the integrity of the site configuration.
Affected Systems
The WordPress plugin CP Polls, version 1.0.8, when installed on any WordPress site is affected. Administrators who are logged in while visiting a malicious page can trigger the exploit.
Risk and Exploitability
The vulnerability scores a CVSS impact of 5.3 and the EPSS score is 0.00116, indicating a very low exploitation probability; it is not listed in CISA KEV. Exploitation requires an attacker to host a malicious page that an authenticated administrator visits in a browser. The risk is moderate, with the main limitation that the attacker needs the victim to be logged into WordPress and to trigger the page. No widely known public exploits are documented.
OpenCVE Enrichment