CVE-2026-8995

EPSS 0.28%
Veröffentlicht 29.05.2026 02:27:46
Zuletzt bearbeitet 29.05.2026 13:09:05
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays_poll_get_user_information' AJAX action, which serializes and returns the complete WP_User object — including the user_pass (bcrypt password hash), user_email, user_login, user_registered, roles, and all capabilities — without any nonce verification or capability check beyond is_user_logged_in(). This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive account data including their own password hash, which WordPress does not expose through any of its standard interfaces and which can be leveraged for offline password-cracking attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerays-pro

≫

Produkt Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls

Default Statusunaffected

Version <= 6.3.7

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.198

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1ff79e-5246-422a-ae75-20763e7acd17?source=cve

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.7/public/class-poll-maker-ays-public.php#L2967

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.7/includes/class-poll-maker-ays.php#L318

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.7/public/class-poll-maker-ays-public.php#L2960

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.2.7/public/class-poll-maker-ays-public.php#L2967

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.2.7/includes/class-poll-maker-ays.php#L318

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.2.7/public/class-poll-maker-ays-public.php#L2960

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.8/public/class-poll-maker-ays-public.php#L2959

https://plugins.trac.wordpress.org/browser/poll-maker/tags/6.3.8/includes/class-poll-maker-ays.php#L318

https://nvd.nist.gov/vuln/detail/CVE-2026-8995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-8995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-8995

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-8995