Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.4
TS Poll <= 2.5.5 allows attackers to access unauthorized servers
CVE-2026-25428
Summary
An attacker can trick the TS Poll plugin into making requests to any server on the internet. This could allow an attacker to steal sensitive data or disrupt your website. Update to version 2.5.6 or later to fix this issue.
Original title
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
Original description
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
nvd CVSS3.1
4.4
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026