CVE-2021-47941
WordPress · Survey & Poll
A vulnerability in the Survey & Poll WordPress plugin may allow unauthorized access through manipulation of the cookie parameter.
Executive summary
A high-severity vulnerability in the Survey & Poll WordPress plugin could allow attackers to bypass security controls via cookie manipulation.
Vulnerability
The vulnerability relates to improper handling of the cookie parameter, which may permit an attacker to bypass authentication or execute unauthorized actions.
Business impact
Exploitation of this vulnerability could lead to the compromise of the underlying WordPress installation. A CVSS score of 8.2 justifies immediate action to prevent unauthorized data access, site defacement, or administrative account takeover.
Remediation
Immediate Action: Update the Survey & Poll plugin to the latest vendor-provided version. If no patch is available, disable or remove the plugin immediately.
Proactive Monitoring: Audit WordPress user logs for suspicious account activity or unauthorized administrative actions.
Compensating Controls: Use a Web Application Firewall (WAF) to filter malicious cookie input and restrict access to administrative endpoints.
Exploitation status
Public Exploit Available: false
Analyst recommendation
All WordPress administrators using this plugin must verify their current version and update immediately. If the plugin is no longer maintained, it should be removed to eliminate the attack surface.