CVE-2026-25428
MEDIUMSeverity by source
AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
AnalysisAI
Server-Side Request Forgery in totalsoft TS Poll versions 2.5.5 and earlier enables authenticated attackers with high privileges to make arbitrary network requests from the affected server. While this MEDIUM severity vulnerability (CVSS 4.4) requires high-privilege credentials and difficult exploitation conditions, it could facilitate reconnaissance or attacks against internal resources. No patch is currently available.
Technical ContextAI
Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects totalsoft TS Poll poll-wp. Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
Affected ProductsAI
Product: totalsoft TS Poll poll-wp.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today