CVE-2026-8995— Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ays-pro | Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls | ≤ 6.3.7 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8995
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays_poll_get_user_information' AJAX action, which serializes and returns the complete WP_User object — including the user_pass (bcrypt password hash), user_email, user_login, user_registered, roles, and all capabilities — without any nonce verification or capability check beyond is_user_logged_in(). This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive account data including their own password hash, which WordPress does not expose through any of its standard interfaces and which can be leveraged for offline password-cracking attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ays-pro | Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls | 0 ~ 6.3.7 | - |
II. Public POCs for CVE-2026-8995
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8995
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-8995 (1)
Vendor Advisories for CVE-2026-8995 (1)
Other References for CVE-2026-8995 (1)
IV. Related Vulnerabilities
Same vendor: ays-pro
- CVE-2026-6817
Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross - CVE-2026-1336
AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7. - CVE-2026-2367
Secure Copy Content Protection and Content Locking <= 5.0.1 - CVE-2026-2384
Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored - CVE-2026-1320
Secure Copy Content Protection and Content Locking <= 4.9.8
Same weakness: CWE-200
- CVE-2026-2128
Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitiv - CVE-2026-47136
RustFS: Unauthenticated RustFS console license endpoint expo - CVE-2026-45332
Automad Broken Access Control: unauthenticated exposure of a - CVE-2026-7526
PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Informa - CVE-2026-42878
FacturaScripts: Unauthenticated phpinfo() Disclosure via Ins
V. Comments for CVE-2026-8995
No comments yet