PT-2026-44746 · WordPress · Poll Maker

Satoo Nakano

·

Published

2026-05-29

·

Updated

2026-05-29

·

CVE-2026-8995

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Poll Maker – Versus Polls, Anonymous Polls, Image Polls versions prior to 6.3.8
Description Insufficient access controls in the 'ays poll get user information' AJAX action allow authenticated attackers with subscriber-level access or higher to retrieve sensitive account data. The system serializes and returns the complete WP User object without nonce verification or capability checks beyond verifying if the user is logged in. Exposed data includes the user pass (bcrypt password hash), user email, user login, user registered, roles, and all capabilities. This information, particularly the password hash, can be used for offline password-cracking attacks.
Recommendations Update to a version later than 6.3.7. As a temporary workaround, restrict access to the 'ays poll get user information' AJAX action to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8995

Affected Products

Poll Maker