[GHSA-q2q3-6r63-6pc5] The Poll, Survey & Quiz Maker Plugin by Opinion Stage... #5731
Conversation
github-actions
bot
changed the base branch from
main
to
ArtemLapkin/advisory-improvement-5731
There was a problem hiding this comment.
Pull Request Overview
This PR enriches the vulnerability advisory by adding patch information, version ranges, and a package reference.
- Introduces a
summaryfield noting the patched release. - Updates
detailsto recommend upgrading to v19.10.0. - Populates the
affectedarray with ecosystem information and version ranges, and adds a PACKAGE reference.
Comments suppressed due to low confidence (2)
advisories/unreviewed/2025/06/GHSA-q2q3-6r63-6pc5/GHSA-q2q3-6r63-6pc5.json:31
- The fixed version is prefixed with
v; consider using the plain semver string "19.10.0" to match typical advisory conventions.
"fixed": "v19.10.0"
advisories/unreviewed/2025/06/GHSA-q2q3-6r63-6pc5/GHSA-q2q3-6r63-6pc5.json:9
- [nitpick] The
summaryshould briefly describe the vulnerability, not the patch release; consider moving patch info todetailsand summarizing the issue here.
"summary": "The patch has been released in v19.10.0",
| { | ||
| "package": { | ||
| "ecosystem": "Packagist", | ||
| "name": "" |
There was a problem hiding this comment.
The package.name field is empty; it should be populated with the plugin's identifier (e.g., "social-polls-by-opinionstage").
| "name": "" | |
| "name": "social-polls-by-opinionstage" |
Copilot uses AI. Check for mistakes.
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" |
There was a problem hiding this comment.
The introduced version "0" is unclear; specify a valid semantic version or use a range like < 19.10.0 to indicate all versions before the fix are affected.
| "introduced": "0" | |
| "introduced": "< 19.10.0" |
Copilot uses AI. Check for mistakes.
| } | ||
| ], | ||
| "database_specific": { | ||
| "last_known_affected_version_range": "< 19.9.0" |
There was a problem hiding this comment.
The range < 19.9.0 excludes version 19.9.0, but the details say it is affected; update to <= 19.9.0 or < 19.10.0.
| "last_known_affected_version_range": "< 19.9.0" | |
| "last_known_affected_version_range": "< 19.10.0" |
Copilot uses AI. Check for mistakes.
|
Hi @ArtemLapkin, I can't review the advisory (even to update it) because The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress isn't in one of the GitHub Advisory Database's supported ecosystems. In order to have the CVE record updated to reach as many users as possible, you can identify and contact the assigning CVE Numbering Authority using this guide. I wish you the best with getting the CVE record updated. Have a good day! |
Updates
Comments
The patch has been released in v19.10.0 - https://plugins.trac.wordpress.org/browser/social-polls-by-opinionstage/tags/19.10.0