CVE-2023-50904: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in Poll Maker WordPress plugin affecting versions up to 4.8.0. The vulnerability was reported by Abdi Pranata on August 31, 2023, and was publicly disclosed on December 26, 2023. The issue was assigned CVE-2023-50904 and allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue, which refers to a missing authorization, authentication, or nonce token check in a function that could allow an unprivileged user to execute certain higher privileged actions. The vulnerability has been assigned a CVSS score of 5.3 (Medium severity), indicating a moderate level of risk (Patchstack).

The vulnerability could enable unprivileged users to perform actions that should be restricted to users with higher privileges. This broken access control issue is considered moderately dangerous and is expected to become exploited (Patchstack).

The vulnerability has been fixed in version 4.8.1 of the Poll Maker plugin. Users are advised to update to version 4.8.1 or later immediately. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).