CVE-2023-6109 MEDIUM

CVE-2023-6109: YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation

Vendor: Yourownprogrammer
Product: YOP Poll
Weakness: CWE-362
Published: November 14, 2023
Last update: April 8, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person.

Key dates

02 Disclosure timeline

November 14, 2023: CVE published
April 8, 2026: Record updated