Cross-Site Request Forgery Vulnerability in Opinion Stage WordPress Plugin
CVE-2025-13143

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Poll, Survey & Quiz Maker Plugin By Opinion Stage
Vendor: CVE Published:; 27 November 2025

What is CVE-2025-13143?

The Poll, Survey & Quiz Maker Plugin from Opinion Stage for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the disconnect_account_action function. This vulnerability allows attackers to exploit the trust of authenticated users by tricking them into performing unintended actions, such as disconnecting their WordPress site from the Opinion Stage platform, by utilizing forged requests. It is imperative for site administrators to be aware of this security flaw and take necessary precautions to safeguard their sites from potential unauthorized changes.

Affected Version(s)

Poll, Survey & Quiz Maker Plugin by Opinion Stage * <= 19.12.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/social-polls-b...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2025
Vulnerability Reserved
Nov 13, 2025

Credit

Deadbee

JSON