WordPress Plugin Vulnerabilities

Poll Maker < 5.7.8 - Unauthenticated Race Condition to Multi-Vote

Description

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to a Race Condition in all versions up to, and including, 5.7.7. This is due to the plugin not properly restricting a user's ability to fill out a poll multiple times.. This makes it possible for unauthenticated attackers to fill out a poll multiple times.

Affects Plugins

Plugin icon
poll-maker
Fixed in 5.7.8

References

CVE
CVE-2025-47545
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/94aca289-e242-4b0c-9bd8-cc77b1d26b34

Classification

Type
RACE CONDITION
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-362
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Ibrahim Mohammad
Verified
No
WPVDB ID
b6f31027-c413-478b-9c85-685016c6a5bb

Timeline

Publicly Published
2025-05-07 (about 1 year ago)
Added
2025-05-13 (about 1 year ago)
Last Updated
2025-05-13 (about 1 year ago)

Other

Published
Title
Published
2026-05-24
Title
Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition
Published
2023-11-06
Title
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
Published
2025-09-22
Title
MasterStudy LMS < 3.6.21 - Authenticated (Subscriber+) Race Condition to Multiple Reviews
Published
2022-01-19
Title
AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition
Published
2022-10-05
Title
WP-Polls < 2.77.0 - Subscriber+ Race Condition