Description
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through <= 5.7.7.
Published: 2025-05-07
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic race condition caused by improper synchronization of shared resources within the Ays Pro Poll Maker plugin. When multiple requests manipulate the same poll data simultaneously, the plugin may process them in an interleaved order, resulting in corrupted data, inconsistent poll states, or a crash that could become a denial‑of‑service for the site. The weakness is identified as CWE‑362 and does not directly provide remote code execution or privilege escalation. The impact is limited to the integrity and availability of polls on affected WordPress installations.

Affected Systems

The affected product is the Ays Pro Poll Maker WordPress plugin, versions from the earliest available through 5.7.7. Administrators using any 5.7.7 or earlier installation of the Poll Maker free version on a WordPress site should consider their environment at risk. The vulnerability list includes the CPE identifier for ays‑pro:poll_maker free WordPress plugin.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity. The EPSS score is reported as less than 1%, suggesting a very low current exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Attackers would likely need to trigger concurrent operations—such as creating or editing multiple polls at the same time—through the web interface or by sending rapid API calls. Because the flaw is tied to concurrent execution, it is most effectively exploited under high concurrency or a denial‑of‑service attempt. Patching or upgrading the plugin mitigates the risk completely.

Generated by OpenCVE AI on April 30, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ays Pro Poll Maker plugin to version 5.7.8 or newer, where the race condition is fixed.
  • If an upgrade cannot be performed immediately, restrict concurrent poll modifications by enabling server‑side rate limiting or temporarily disabling poll creation, editing, and deletion endpoints.
  • Ensure WordPress core, themes, and other plugins are current to reduce overall attack surface.
  • Monitor site logs for repeated concurrent requests to poll endpoints and consider blocking abusive IPs.

Advisories

Source: EUVD
ID: EUVD-2025-13791
Title: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.

History

Thu, 23 Apr 2026 15:00:00 +0000

Metrics
  Values Removed: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Description
  Values Removed: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.
  Values Added: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through <= 5.7.7.
Title
  Values Removed: WordPress Poll Maker <= 5.7.7 - Race Condition Vulnerability
  Values Added: WordPress Poll Maker plugin <= 5.7.7 - Race Condition Vulnerability
References
Metrics
  Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
  Values Added: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 14 Jul 2025 13:45:00 +0000

Metrics
  Values Removed: epss {'score': 0.00068}
  Values Added: epss {'score': 0.00061}


Mon, 12 May 2025 20:45:00 +0000

First Time appeared
  Values Added: Ays-pro; Ays-pro poll Maker
CPEs
  Values Added: cpe:2.3:a:ays-pro:poll_maker:*:*:*:*:free:wordpress:*:*
Vendors & Products
  Values Added: Ays-pro; Ays-pro poll Maker

Wed, 07 May 2025 19:15:00 +0000

Metrics
  Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 May 2025 14:45:00 +0000

Description
  Values Added: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.
Title
  Values Added: WordPress Poll Maker <= 5.7.7 - Race Condition Vulnerability
Weaknesses
  Values Added: CWE-362
References
Metrics
  Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:44.969Z

Reserved: 2025-05-07T09:39:53.907Z

Link: CVE-2025-47545

Vulnrichment

Updated: 2025-05-07T17:19:59.136Z

NVD

Status: Modified

Published: 2025-05-07T15:16:11.247

Modified: 2026-04-23T15:30:27.500

Link: CVE-2025-47545

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T20:30:26Z

Weaknesses