22 Feb 2017

Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Democracy Poll

As part of the feature of our service where we do security reviews of plugins that are selected by our customers, we recently reviewed the plugin Democracy Poll. The most serious issue we found in that review was a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability.

The CSRF portion of the vulnerability was due to a lack of a nonce on the Texts Changes tab of the plugin’s admin page and a lack of a check for a valid one when processing a request to change the plugin’s settings.

22 Feb 2017

WordPress Plugin Security Review: Democracy Poll

For our fourth security review of a plugin based on the voting of our customers, we reviewed the plugin Democracy Poll.

If you are not yet a customer of the service you can currently try it free for your first month and then start suggesting and voting on plugins to get security reviews after your first payment for the service. For those already using the service who haven’t already suggested and voted for plugins, you can start doing that here.