CVE-2026-8995
Sensitive Information Exposure in Poll Maker WordPress Plugin
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | the_poll_maker | to 6.3.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Poll Maker β Versus Polls, Anonymous Polls, Image Polls plugin for WordPress has a vulnerability in versions up to and including 6.3.7. This vulnerability arises because the plugin does not properly restrict access to the 'ays_poll_get_user_information' AJAX action.
This action serializes and returns the complete WP_User object, which includes sensitive information such as the password hash (user_pass), user email, login name, registration date, roles, and capabilities.
The problem is that this information is returned without proper nonce verification or capability checks beyond simply verifying that the user is logged in. As a result, any authenticated user with subscriber-level access or higher can retrieve sensitive account data, including their own password hash.
This password hash is normally not exposed by WordPress and can be used for offline password-cracking attacks.
How can this vulnerability impact me? :
This vulnerability can impact you by exposing sensitive user account information to authenticated users who should not have access to it.
Specifically, attackers with subscriber-level access or higher can obtain password hashes and other personal data such as email addresses and user roles.
With the password hash, attackers can attempt offline password-cracking attacks to discover user passwords, potentially leading to account compromise.
This exposure increases the risk of unauthorized access, identity theft, and further exploitation of user accounts on the affected WordPress site.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability exposes sensitive user information including password hashes, email addresses, usernames, registration dates, roles, and capabilities due to insufficient access controls. Such exposure of personal and authentication data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access.
Specifically, the unauthorized disclosure of password hashes and user emails increases the risk of data breaches and offline password-cracking attacks, which can violate the confidentiality and integrity requirements mandated by these standards.