{"cve":{"cve_id":"CVE-2016-20067","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00116,"epss_percentile":0.01916,"epss_as_of":"2026-06-23","description":"WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.","published_at":"2026-06-15T12:00:38.234000Z","last_modified_at":null,"cvss_v3_score":4.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":5.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-352"],"nvd_references":["https://www.exploit-db.com/exploits/39513","https://www.vulncheck.com/advisories/wordpress-cp-polls-cross-site-request-forgery"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:08:41.025961Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"L","value_label":"Low"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"L","value_label":"Low"},{"metric":"SA","name":"Availability (Subsequent System)","value":"L","value_label":"Low"}]},"affected":[{"vendor_slug":"dwbooster","vendor_name":"dwbooster","product_slug":"cp-polls","product_name":"CP Polls","version_start":"1.0.8","version_start_inclusive":true,"version_end":"1.0.8","version_end_inclusive":true,"cpe23_uri":"cve5:dwbooster:cp-polls:1.0.8:1.0.8"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.exploit-db.com/exploits/39513","source_type":"EXPLOIT","tags":["exploit"]},{"url":"https://www.vulncheck.com/advisories/wordpress-cp-polls-cross-site-request-forgery","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2026-06-15T12:00:38.234000Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-24T00:31:03.361249Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:03.361249Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:03.361249Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:03.361249Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:03.361249Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:03.361249Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:03.361249Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:03.361249Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:03.361249Z","label":"CVSS score revised","source":"vulnrichment"}]}