CVE-2025-3880: 
WordPress vulnerability analysis and mitigation

The Poll, Survey & Quiz Maker Plugin by Opinion Stage for WordPress contains a vulnerability (CVE-2025-3880) discovered in June 2025. This security issue affects all versions up to and including 19.9.0, and stems from a misconfigured capability check on several functions that allows authenticated users with Contributor-level access or higher to modify sensitive plugin settings (NVD, Wiz).

The vulnerability is caused by incorrect authorization checks (CWE-863) in the plugin's functionality. It has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (Wordfence).

If exploited, the vulnerability allows authenticated attackers with Contributor-level privileges to change the email address associated with the account connection and disconnect the plugin. However, any previously created content will remain displayed and functional even if the account is disconnected (NVD).

The vulnerability has been patched in version 19.10.0 of the Poll, Survey & Quiz Maker Plugin. Users are advised to update to this latest version to protect against potential exploitation (WordPress Plugin).