This vulnerability is a CSRF issue in the Automattic Crowdsignal Dashboard plugin for polls and surveys, affecting versions up to 3.1.3. It allows an attacker to trick an authenticated user into submitting unauthorized requests, potentially leading to limited impact on the integrity of the application. The vulnerability does not affect confidentiality or availability according to the CVSS vector, which rates impact as integrity-low only. No official patch or mitigation details have been provided in the available data.

The impact is limited to a low integrity loss, meaning an attacker could cause an authenticated user to perform unintended actions within the Crowdsignal Dashboard plugin. There is no impact on confidentiality or availability. The medium CVSS score reflects the ease of attack (network vector, no privileges required) but limited impact scope. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider implementing standard CSRF mitigations such as verifying request origins or using anti-CSRF tokens if possible. Monitor official Automattic communications for updates and patches addressing this vulnerability.