PT-2026-44746 · WordPress · Poll Maker
Satoo Nakano
·
Published
2026-05-29
·
Updated
2026-05-29
·
CVE-2026-8995
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Poll Maker – Versus Polls, Anonymous Polls, Image Polls versions prior to 6.3.8
Description
Insufficient access controls in the 'ays poll get user information' AJAX action allow authenticated attackers with subscriber-level access or higher to retrieve sensitive account data. The system serializes and returns the complete
WP User object without nonce verification or capability checks beyond verifying if the user is logged in. Exposed data includes the user pass (bcrypt password hash), user email, user login, user registered, roles, and all capabilities. This information, particularly the password hash, can be used for offline password-cracking attacks.Recommendations
Update to a version later than 6.3.7.
As a temporary workaround, restrict access to the 'ays poll get user information' AJAX action to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Poll Maker