Vulnerabilities > WP Kama > Democracy Poll > 4.7.1

DATE CVE VULNERABILITY TITLE RISK
2019-08-21 CVE-2017-18521 Cross-Site Request Forgery (CSRF) vulnerability in Wp-Kama Democracy Poll
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
network
low complexity
wp-kama CWE-352
8.8
8.8
2019-08-20 CVE-2017-18520 Cross-site Scripting vulnerability in Wp-Kama Democracy Poll
The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.
network
low complexity
wp-kama CWE-79
6.1
6.1