Skip to main content

Total Poll Lite

2 CVEs product

Monthly

CVE-2026-39651 MEDIUM This Month

TotalSuite Total Poll Lite plugin for WordPress versions up to 4.12.0 allows authenticated users to bypass access controls and modify poll data due to missing authorization checks on administrative functions. An authenticated attacker with low privileges can exploit incorrectly configured access control security levels to read, modify, or delete poll content without proper authorization, achieving a CVSS score of 6.3 with low exploitation probability (EPSS 0.02%).

Authentication Bypass Total Poll Lite
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27044 CRITICAL Act Now

Total Poll Lite, a WordPress plugin, contains an improper code injection vulnerability (CWE-94) that allows remote code inclusion and execution. All versions up to and including 4.12.0 are affected. An attacker can exploit this vulnerability to achieve remote code execution (RCE) on WordPress installations running the vulnerable plugin, potentially gaining full control of the affected web application.

Code Injection RCE Total Poll Lite
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

TotalSuite Total Poll Lite plugin for WordPress versions up to 4.12.0 allows authenticated users to bypass access controls and modify poll data due to missing authorization checks on administrative functions. An authenticated attacker with low privileges can exploit incorrectly configured access control security levels to read, modify, or delete poll content without proper authorization, achieving a CVSS score of 6.3 with low exploitation probability (EPSS 0.02%).

Authentication Bypass Total Poll Lite
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Total Poll Lite, a WordPress plugin, contains an improper code injection vulnerability (CWE-94) that allows remote code inclusion and execution. All versions up to and including 4.12.0 are affected. An attacker can exploit this vulnerability to achieve remote code execution (RCE) on WordPress installations running the vulnerable plugin, potentially gaining full control of the affected web application.

Code Injection RCE Total Poll Lite
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy