Cross-Site Scripting Vulnerability in Democracy Poll Plugin for WordPress
CVE-2017-18520

6.1 MEDIUM

Key Information:

Vendor
WordPress
CVE Published:
20 August 2019

Summary

The Democracy Poll plugin for WordPress, prior to version 5.4, is susceptible to Cross-Site Scripting (XSS) attacks. The vulnerability arises in the update_l10n function located in admin/class.DemAdminInit.php, allowing attackers to inject malicious scripts through unsanitized input. This could lead to unauthorized script execution in the context of the affected user, posing a risk to site security and potentially compromising sensitive information.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
