CVE-2025-3880

Name of the Vulnerable Software and Affected Versions The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress versions up to, and including, 19.9.0

Description The issue is related to a misconfigured capability check on several functions, allowing authenticated attackers with Contributor-level access and above to modify data unauthorized. This includes the ability to change the email address for the account connection and disconnect the plugin. Previously created content remains displayed and functional even if the account is disconnected.

Recommendations For versions up to, and including, 19.9.0, update to a version higher than 19.9.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functions to prevent unauthorized modifications until a patch is available.