CVE-2024-12575

Medium CVSS 5.3

Overview

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response.

CWE: CWE-200 Published: 2025-08-16T03:15:25.427

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.3 (MEDIUM)
Detected tags: info_leak, wordpress (tag impact: LOW)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.

Overview

Recommended tools

Tags