WordPress Plugin Vulnerabilities

YOP Poll < 6.5.27 - Unauthenticated Vote Manipulation via Race Condition

Description

The plugin is affected by a race condition, allowing unauthenticated users to vote multiple times on a poll even when it's configured to only allow one vote per person

Affects Plugins

Plugin icon
yop-poll
Fixed in 6.5.27

References

CVE
CVE-2023-6109

Classification

Type
RACE CONDITION
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-362
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
RIN MIYACHI
Verified
No
WPVDB ID
b864f460-e0ae-466d-b9f3-31c5273dd986

Timeline

Publicly Published
2023-11-13 (about 2 years ago)
Added
2023-11-14 (about 2 years ago)
Last Updated
2023-11-14 (about 2 years ago)

Other

Published
Title
Published
2025-09-22
Title
MasterStudy LMS < 3.6.21 - Authenticated (Subscriber+) Race Condition to Multiple Reviews
Published
2022-08-31
Title
WP-PostRatings < 1.90 - Ratings Tempering via Race Condition
Published
2022-10-05
Title
WP-Polls < 2.77.0 - Subscriber+ Race Condition
Published
2022-11-24
Title
WP ULike < 4.6.5 - Unauthenticated Rating Tampering via Race Condition
Published
2022-09-14
Title
Rate my Post < 3.3.5 - Subscriber+ Votes Tampering via Race Condition