Threat Entry Updated 2025-12-01

CVE-2025-13143 - Social Polls By Opinionstage Plugin

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnect_account_action function. This makes it possible for unauthenticated attackers to disconnect the site from the Opinion Stage platform integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Social Polls By Opinionstage

CVE-2025-13143

MEDIUM CVSS 4.3 2025-11-27

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-07-09

CVE-2025-3880 - Social Polls By Opinionstage Plugin

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected.

PLUGIN Social Polls By Opinionstage

CVE-2025-3880

MEDIUM CVSS 4.3 2025-06-17

Risk Score

Open Full Technical Breakdown