CVE-2025-3880

Published: Jun 17, 2025Modified: Jul 9, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected.

Affected (1)

Products: Opinionstage: Poll, Survey & Quiz Maker

1 product

Poll, Survey & Quiz Maker

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opinionstage Poll, Survey & Quiz Maker	Before 19.10.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://plugins.trac.wordpress.org/browser/social-polls-by-opinionstage/trunk/plugin.php

Source: security@wordfence.com

Product

https://plugins.trac.wordpress.org/browser/social-polls-by-opinionstage/trunk/src/Modules/Admin.php

Source: security@wordfence.com

Product

https://plugins.trac.wordpress.org/changeset/3310848/

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/ba86268a-7bd6-40ed-9af6-29409245675d?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.