Platform: wordpress
Component: totalpoll-lite
Fixed in: 4.12.1
CVE-2026-27044 describes a Remote Code Execution (RCE) vulnerability within the Total Poll Lite WordPress plugin. This flaw allows attackers to achieve Remote Code Inclusion, potentially granting them complete control over affected WordPress installations. The vulnerability impacts versions from 0.0.0 up to and including 4.12.0. A patch is expected to be released by the vendor.
The impact of this RCE vulnerability is severe. An attacker could exploit it to execute arbitrary code on the web server hosting the vulnerable WordPress site. This could lead to complete compromise of the site, including data theft, defacement, malware installation, and lateral movement to other systems on the network. The attacker could potentially gain access to sensitive user data stored within the WordPress database or use the compromised server as a launchpad for further attacks. The Remote Code Inclusion aspect significantly elevates the risk, as it bypasses typical input validation and allows direct execution of malicious code.
This vulnerability is considered highly likely to be exploited due to its CRITICAL severity and the ease of Remote Code Inclusion. While no public exploits are currently known, the potential for widespread exploitation is significant, particularly given the popularity of the Total Poll Lite plugin. The vulnerability was publicly disclosed on 2026-03-25. It is recommended to monitor security advisories and threat intelligence feeds for any signs of active exploitation.
WordPress websites utilizing the Total Poll Lite plugin, particularly those running versions 0.0.0 through 4.12.0, are at significant risk. Shared hosting environments are particularly vulnerable, as attackers may be able to exploit the vulnerability on multiple websites hosted on the same server. Sites with weak file access controls or inadequate security monitoring are also at increased risk.
• wordpress / composer / npm:
wp plugin list | grep totalpoll-lite
• wordpress / composer / npm:
grep -r 'include($_REQUEST' /var/www/html/wp-content/plugins/totalpoll-lite/*
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/totalpoll-lite/ | grep 'Remote Code Inclusion'
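Added example (not part of the original advisory and not vendor code): a POSIX shell check that reads the installed plugin's Version: header and compares it numerically against the "Fixed in" value 4.12.1. The directory slug totalpoll-lite is the Component value above; the function names and the plugin.php sample file are assumptions made for illustration.

```sh
PLUGIN_SLUG="totalpoll-lite"   # "Component" value from this advisory
FIXED_VERSION="4.12.1"         # "Fixed in" value from this advisory

# version_lt A B: true when dotted version A is numerically lower than B.
# Field-by-field numeric compare, so 4.9.3 < 4.12.1 (a string compare gets this wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# plugin_version DIR: print the "Version:" header from a top-level .php file,
# which is where WordPress reads a plugin's version from.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        v=$(head -n 80 "$f" | tr -d '\r' |
            sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([0-9][0-9.]*\).*$|\1|p' | head -n 1)
        if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    done
    return 1
}

# check_plugins PLUGINS_DIR: print a verdict for a wp-content/plugins directory.
# Exit status: 0 not installed or patched, 1 affected, 2 version unreadable.
check_plugins() {
    dir="$1/$PLUGIN_SLUG"
    if [ ! -d "$dir" ]; then echo "not-installed"; return 0; fi
    if ! ver=$(plugin_version "$dir"); then echo "unknown-version"; return 2; fi
    if version_lt "$ver" "$FIXED_VERSION"; then echo "affected $ver"; return 1; fi
    echo "patched $ver"
}

# make_sample DIR VERSION: build a constructed plugin tree for the demo.
# The file name plugin.php is a placeholder, not taken from the real plugin.
make_sample() {
    mkdir -p "$1/$PLUGIN_SLUG"
    printf '<?php\n/*\n * Plugin Name: Sample\n * Version: %s\n */\n' "$2" \
        > "$1/$PLUGIN_SLUG/plugin.php"
}

# Demo on a constructed tree; point check_plugins at a real plugins directory instead.
demo=$(mktemp -d); make_sample "$demo" 4.12.0
check_plugins "$demo" || true
rm -rf "$demo"
```

An "unknown-version" result should be treated as affected until the version is confirmed by hand.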
Exploit status
EPSS: 0.05% (17th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to a patched version of the Total Poll Lite plugin as soon as it becomes available. Until a patch is released, consider temporarily disabling the plugin to prevent exploitation. Implement strict file access controls on the WordPress server to limit the attacker's ability to upload and execute malicious files. Web Application Firewalls (WAFs) can be configured with rules to detect and block attempts to include remote files. Monitor WordPress logs for suspicious activity, particularly attempts to access or modify plugin files.
No known patch is available. Please review the details of the vulnerability closely and apply mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2026-27044 is a critical Remote Code Execution vulnerability in the Total Poll Lite WordPress plugin, allowing attackers to execute arbitrary code via Remote Code Inclusion.
You are affected if your WordPress site uses Total Poll Lite versions 0.0.0 through 4.12.0. Upgrade immediately when a patch is available.
Upgrade to the latest version of Total Poll Lite as soon as a patch is released by the vendor. Temporarily disable the plugin until the update is applied.
While no public exploits are currently known, the CRITICAL severity and ease of exploitation suggest it is highly likely to be targeted.
Check the Total Poll Lite website and WordPress plugin repository for official advisories and updates related to CVE-2026-27044.