Get Started

WordPress: Unauthorized Data Modification via Misconfigured Capability Checks in Opinion Stage Plugin

by the Hossted team
20.06.2025

In Poll, Survey & Quiz Maker Plugin by Opinion Stage for WordPress versions up to and including 19.9.0 a medium severity vulnerability CVE-2025-3880 was detected. This vulnerability allows authenticated users with Contributor access and above to change plugin settings, including the account email or connection status, due to insufficient permission checks. To address this issue, users should upgrade Poll, Survey & Quiz Maker Plugin to versions 19.10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3880.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR