PatchSiren cyber security CVE debrief
CVE-2016-20067 dwbooster CVE debrief
CVE-2016-20067 is a cross-site request forgery vulnerability in WordPress CP Polls 1.0.8. This vulnerability allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in. The CVSS score for this vulnerability is 5.3, which is considered MEDIUM severity.
- Vendor
- dwbooster
- Product
- CP Polls
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of WordPress CP Polls 1.0.8 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability exists in the WordPress CP Polls 1.0.8 plugin. An attacker can exploit this vulnerability by crafting a malicious HTML page that executes unwanted poll operations when an administrator visits the page while logged in.
Defensive priority
MEDIUM
Recommended defensive actions
- Update WordPress CP Polls to a version that is not vulnerable.
- Use a web application firewall to detect and prevent cross-site request forgery attacks.
- Educate administrators on the risks of visiting malicious pages while logged in.
Evidence notes
The CVE record for CVE-2016-20067 was obtained from [cve-org]. The NVD detail for CVE-2016-20067 was obtained from [nvd]. Additional information was obtained from [ref-4] and [ref-5].
Official resources
CVE-2016-20067 was published on 2026-06-15T14:16:29.680Z and has not been modified.