Poll Maker – Versus Polls, Anonymous Polls, Image Polls < 5.9.0 – Unauthenticated Basic Information Exposure | CVE 2024-12575 | Plugin Vulnerabilities

Description

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response.

Affects Plugins

Fixed in 5.9.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/3674cfb8-6372-4309-a9de-e6ef7c0b3836

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

xiaoAGiao

Verified

No

WPVDB ID

32c98a6c-7b9c-4a03-8731-a9bdb2316df9

Timeline

Publicly Published

2025-08-15 (about 9 months ago)

Added

2025-08-15 (about 9 months ago)

Last Updated

2025-08-16 (about 9 months ago)

Other

Published

Title

Published

2025-12-12

Title

WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure

Published

2023-11-24

Title

Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure

Published

2024-04-25

Title

User Meta < 3.1 - Unauthenticated Sensitive Information Exposure

Published

2024-11-25

Title

Jeg Elementor Kit < 2.6.10 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template

Published

2024-03-29

Title

Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access