CVE-2025-64370 identifies a missing authorization vulnerability in the YOP Poll plugin for WordPress, specifically affecting versions up to 6.5.38. The root cause is an incorrectly configured access control mechanism that fails to properly verify user permissions before allowing certain operations. This flaw enables unauthenticated remote attackers to perform actions that should be restricted, such as modifying poll data or results, thereby compromising data integrity. The vulnerability does not impact confidentiality or availability, as it does not expose sensitive information or disrupt service. The CVSS 3.1 base score is 5.3 (medium), reflecting the network attack vector, low attack complexity, no privileges required, and no user interaction needed. Although no exploits have been reported in the wild, the ease of exploitation and the potential for data manipulation make this a concern for organizations relying on YOP Poll for user feedback or decision-making. The absence of patches at the time of disclosure necessitates immediate risk mitigation through access control reviews and monitoring.

For European organizations, this vulnerability could undermine the integrity of poll data collected via YOP Poll, potentially skewing survey results, customer feedback, or internal decision-making processes. Organizations that rely on these polls for business intelligence, marketing, or employee engagement may face reputational damage or flawed strategic decisions. While the vulnerability does not directly compromise sensitive data or system availability, the manipulation of poll outcomes can have indirect operational and trust impacts. Public sector entities or political organizations using YOP Poll for opinion gathering could be particularly sensitive to such data integrity issues. The medium severity rating suggests a moderate risk, but the lack of authentication requirements and remote exploitability increase the urgency for mitigation in environments where YOP Poll is deployed.

1. Immediately audit all WordPress sites using YOP Poll to identify affected versions (<= 6.5.38). 2. Implement strict access control policies at the web server and application level to restrict access to poll management functions only to authorized users. 3. Monitor logs for unusual or unauthorized poll modification attempts, leveraging web application firewalls (WAF) to detect and block suspicious requests. 4. Disable or remove YOP Poll plugins on sites where polling functionality is not critical or can be temporarily suspended. 5. Engage with the YOP vendor or community to obtain and apply security patches as soon as they are released. 6. Consider deploying additional security layers such as multi-factor authentication for administrative access to WordPress dashboards. 7. Educate site administrators about the risks of unauthorized poll manipulation and best practices for plugin management and updates.