Basic Information Exposure in Poll Maker Plugin for WordPress
CVE-2024-12575

5.3 MEDIUM

What is CVE-2024-12575?

The Poll Maker plugin for WordPress, in all versions up to and including 5.8.9, is susceptible to a Basic Information Exposure vulnerability. The flaw lies in the 'ays_finish_poll' AJAX action, which allows unauthenticated attackers to access sensitive admin email information embedded in poll responses. Such exposure can lead to privacy breaches and targeted attacks. Updating to at least version 5.9.0 mitigates this risk.

Affected Version(s)

Poll Maker – Versus Polls, Anonymous Polls, Image Polls * <= 5.8.9

References

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

xiaoAGiao