CVE-2023-6109: 
WordPress vulnerability analysis and mitigation

The YOP Poll plugin for WordPress contains a race condition vulnerability (CVE-2023-6109) affecting all versions up to and including 6.5.26. The vulnerability was discovered in the plugin's add() function implementation, which lacks proper synchronization mechanisms (NVD).

The vulnerability stems from improper restrictions in the add() function, which creates a race condition in the voting mechanism. The CVSS v3.1 base score is rated as 5.3 (MEDIUM) by Wordfence with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, while NVD rates it as 3.7 (LOW) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) (NVD).

The vulnerability allows unauthenticated attackers to manipulate poll results by placing multiple votes on a single poll, even when the poll settings restrict users to one vote per person. This compromises the integrity of the polling system (WPScan).

The vulnerability has been patched in version 6.5.27 of the YOP Poll plugin. Users are advised to update to this version or later to protect against potential exploitation (WPScan).