WordPress Plugin Vulnerabilities

Democracy Poll <= 6.1.1 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
democracy-poll
No known fix

References

CVE
CVE-2024-33920
URL
https://patchstack.com/database/wordpress/plugin/democracy-poll/vulnerability/wordpress-democracy-poll-plugin-6-0-3-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
23ffc5db-7973-4826-a7a5-815e26e06a55

Timeline

Publicly Published
2024-04-29 (about 2 years ago)
Added
2024-05-07 (about 2 years ago)
Last Updated
2025-08-05 (about 9 months ago)

Other

Published
Title
Published
2023-11-16
Title
10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status
Published
2026-03-31
Title
Simple Membership < 4.7.2 - Missing Authorization
Published
2026-01-30
Title
Serious Slider < 1.3.0 - Missing Authorization
Published
2023-06-26
Title
Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls
Published
2024-08-26
Title
JobSearch < 2.5.6 - Missing Authorization