WP-Safety

Quiz, Poll & Survey Maker by Opinion Stage Security & Risk Analysis

wordpress.org/plugins/social-polls-by-opinionstage

Boost engagement and capture leads with interactive quizzes, polls, and surveys. Built for marketers, publishers, and businesses

7K active installs v19.12.3 PHP 7.0+ WP 5.6+ Updated Mar 6, 2026
lead-generationpollquizquiz-makersurvey
88
A · Safe
CVEs total7
Unpatched0
Last CVEJan 19, 2026
Plugin page Download
Safety Verdict

Is Quiz, Poll & Survey Maker by Opinion Stage Safe to Use in 2026?

Generally Safe

Score 88/100

Quiz, Poll & Survey Maker by Opinion Stage has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Jan 19, 2026Updated 28d ago
Risk Assessment

The static analysis of social-polls-by-opinionstage v19.12.3 reveals a generally strong security posture with no identified critical or high severity taint flows, no dangerous function usage, and a high percentage of properly escaped output. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce and capability checks in its code. The attack surface appears to be minimal with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack authorization checks.

However, a significant concern arises from the plugin's extensive vulnerability history. With a total of 7 known CVEs, including 3 high and 4 medium severity vulnerabilities, and a recent vulnerability recorded in January 2026, the plugin has a clear pattern of past security weaknesses. These past vulnerabilities spanned common types such as Cross-Site Scripting (XSS), Missing Authorization, Cross-Site Request Forgery (CSRF), and PHP Remote File Inclusion. While there are currently no unpatched CVEs for this specific version, the historical trend indicates a recurring need for diligent patching and suggests potential underlying architectural issues that have led to multiple exploitable flaws.

In conclusion, while version 19.12.3 exhibits good coding practices in its current state, the plugin's historical vulnerability record presents a significant risk. Users should exercise caution, remain vigilant for future updates and security advisories, and be aware of the potential for undiscovered or zero-day vulnerabilities, especially given the recent history of high-severity issues. The absence of current unpatched CVEs is a positive sign, but the past patterns warrant a cautious approach.

Key Concerns

  • Significant historical vulnerability record (7 CVEs)
  • History of high severity vulnerabilities (3)
  • History of medium severity vulnerabilities (4)
  • Recent vulnerability in 2026-01-19
  • Past vulnerabilities include XSS, Auth issues, RFI
  • 86% output properly escaped (some unescaped)
Vulnerabilities
7

Quiz, Poll & Survey Maker by Opinion Stage Security Vulnerabilities

CVEs by Year

1 CVE in 2019
2019
4 CVEs in 2025
2025
2 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

High
3
Medium
4

7 total CVEs

WF-418a6ed7-a19e-4741-a6db-f1016156a468-social-polls-by-opinionstagehigh · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25 - Unauthenticated Stored Cross-Site Scripting

Jan 19, 2026 Patched in 19.6.25 (9d)
CVE-2019-25297high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25 - Unauthenticated Stored Cross-Site Scripting

Jan 19, 2026 Patched in 19.6.25 (1d)
CVE-2025-68594medium · 5.3Missing Authorization

Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Missing Authorization

Dec 22, 2025 Patched in 19.12.1 (37d)
CVE-2025-13143medium · 4.3Cross-Site Request Forgery (CSRF)

Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection

Nov 26, 2025 Patched in 19.12.1 (1d)
CVE-2025-53328high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.11.0 - Unauthenticated Local File Inclusion

Aug 26, 2025 Patched in 19.11.1 (11d)
CVE-2025-3880medium · 4.3Incorrect Authorization

Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update

Jun 16, 2025 Patched in 19.10.0 (1d)
WF-e0f19403-af02-4a29-b4f3-778da4c2df17-social-polls-by-opinionstagemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.6.24 - Unauthenticated Stored Cross-Site Scripting

Sep 16, 2019 Patched in 19.6.25 (1590d)
Code Analysis
Analyzed Mar 16, 2026

Quiz, Poll & Survey Maker by Opinion Stage Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
112 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

86% escaped130 total outputs
Attack Surface

Quiz, Poll & Survey Maker by Opinion Stage Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionadmin_noticesplugin.php:105
actionadmin_noticesplugin.php:107
actionactivated_pluginplugin.php:118
actionadmin_noticesplugin.php:125
actionplugins_loadedplugin.php:129
actionadmin_menusrc\Modules\Admin.php:25
actionadmin_initsrc\Modules\Admin.php:26
actionadmin_menusrc\Modules\Admin.php:29
actionadmin_initsrc\Modules\Admin.php:30
actionmedia_buttonssrc\Modules\Admin.php:33
actionadmin_menusrc\Modules\Admin.php:35
actionadmin_enqueue_scriptssrc\Modules\Admin.php:37
actionadmin_footersrc\Modules\Admin.php:92
actioninitsrc\Modules\Gutenberg.php:17
filterblock_categories_allsrc\Modules\Gutenberg.php:18
actionwp_enqueue_scriptssrc\Modules\Shortcodes.php:21
actionwp_headsrc\Modules\Shortcodes.php:22
Maintenance & Trust

Quiz, Poll & Survey Maker by Opinion Stage Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 6, 2026
PHP min version7.0
Downloads1.3M

Community Trust

Rating88/100
Number of ratings277
Active installs7K
Alternatives

Quiz, Poll & Survey Maker by Opinion Stage Alternatives

Riddle Quiz Maker – easily add quizzes with unlimited lead generation to your site

Riddle Quiz Maker – easily add quizzes with unlimited lead generation to your site

riddle-playful-content-on-the-go

A
100

Riddle’s beautifully intuitive quiz maker lets you create unlimited quizzes, personality tests, and more—no coding, no limits.

300 No CVEs
SurveyX Builder – Easy Feedback, Poll, Quiz & Survey

SurveyX Builder – Easy Feedback, Poll, Quiz & Survey

surveyx-builder

A
100

Create surveys, polls, quizzes, and feedback forms. Fast, lightweight, and optimized to boost responses and user engagement.

1K No CVEs
TotalSurvey for Survey, Quiz and Form

TotalSurvey for Survey, Quiz and Form

totalsurvey

A
100

Create satisfaction survey, engaging quiz, gather feedback and run exam with the best WordPress survey and quiz plugin.

600 No CVEs
involve.me – Create Surveys, Quizzes, Calculators & Forms as Embedded Widgets or Pop-ups

involve.me – Create Surveys, Quizzes, Calculators & Forms as Embedded Widgets or Pop-ups

involve-me

A
92

Add forms, quizzes, surveys and interactive calculators to your WordPress site. Easily embed or use as pop-ups. No coding required.

400 No CVEs
Polls, Surveys, Contests and Quizzes for Pages

Polls, Surveys, Contests and Quizzes for Pages

polls-surveys-contests-and-quizzes-for-pages

A
85

Embed polls, surveys, contests and quizzes into your WordPress site and get valuable feedback from your customers.

90 No CVEs
Developer Profile

Quiz, Poll & Survey Maker by Opinion Stage Developer Profile

Assaf Parag

1 plugin · 7K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
236 days
View full developer profile
Detection Fingerprints

How We Detect Quiz, Poll & Survey Maker by Opinion Stage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-polls-by-opinionstage/assets/css/opinionstage-admin-notice.css/wp-content/plugins/social-polls-by-opinionstage/assets/css/opinionstage-admin.css/wp-content/plugins/social-polls-by-opinionstage/assets/js/opinionstage-admin-script.js/wp-content/plugins/social-polls-by-opinionstage/assets/js/opinionstage-admin-widget-script.js
Script Paths
/wp-content/plugins/social-polls-by-opinionstage/assets/js/opinionstage-admin-script.js/wp-content/plugins/social-polls-by-opinionstage/assets/js/opinionstage-admin-widget-script.js
Version Parameters
social-polls-by-opinionstage/assets/css/opinionstage-admin-notice.css?ver=social-polls-by-opinionstage/assets/css/opinionstage-admin.css?ver=social-polls-by-opinionstage/assets/js/opinionstage-admin-script.js?ver=social-polls-by-opinionstage/assets/js/opinionstage-admin-widget-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
opinionstage-warningopinionstage-admin-widget-settings
HTML Comments
<!-- Opinionstage admin notice for minimum PHP version. --><!-- Opinionstage admin notice for minimum WordPress version. --><!-- Notify about other OpinionStage plugin already available -->
Data Attributes
id="opinionstage-warning"id="opinionstage-admin-widget-settings"
JS Globals
opinionstage_admin_script_params
REST Endpoints
/wp-json/opinionstage/v1/ajax/get_current_user_widget/wp-json/opinionstage/v1/ajax/get_widgets
FAQ

Frequently Asked Questions about Quiz, Poll & Survey Maker by Opinion Stage