CVE-2017-18521
Description
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- WordPress/democracy-poll plugin
Patches
Vulnerability mechanics
Root cause
"Missing CSRF protection (nonce check) on the localization settings endpoint allows an attacker to forge requests on behalf of an authenticated administrator."
Attack vector
An attacker crafts a malicious link or HTML form that targets `wp-admin/options-general.php?page=democracy-poll&subpage=l10n` and lures an authenticated WordPress administrator into clicking it or submitting the form. Because the endpoint performs state-changing operations without a CSRF token (nonce), the attacker can force the administrator to unknowingly modify the plugin's localization settings. The attack requires no special network position: the victim's browser attaches their existing session cookies to the forged request, so the server treats it as legitimate [ref_id=1].
Affected code
The vulnerability exists in the Democracy Poll plugin before version 5.4 for WordPress. The affected endpoint is `wp-admin/options-general.php?page=democracy-poll&subpage=l10n`, which lacks a nonce check or other CSRF protection [ref_id=1]. The plugin's changelog for version 5.4 confirms the fix: "Nonce checks for all admin requests" [ref_id=1].
What the fix does
Version 5.4 of the Democracy Poll plugin added nonce checks for all admin requests, as stated in the changelog: "Nonce checks for all admin requests" [ref_id=1]. A WordPress nonce is a one-time-use security token that is embedded in forms and validated on the server side. By requiring a valid nonce before processing the `subpage=l10n` action, the plugin ensures the request originated from the legitimate admin interface rather than from an external attacker's crafted page or link. The advisory does not include a patch diff, but the changelog entry confirms the remediation approach.
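To make the remediation concrete, here is an added illustration of the pattern the changelog entry describes; it is not code from the Democracy Poll plugin, and the option name `demo_l10n`, the action name `demo_save_l10n`, the nonce field name `demo_l10n_nonce`, the page slug `demo-poll` and the `demo_l10n_*` function names are hypothetical stand-ins for a settings subpage that saves localization strings. The WordPress API calls (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `update_option`) are real core functions.

```php
<?php
// Added example, not the plugin's own code. Names prefixed demo_ are
// hypothetical; the WordPress functions used are real core API.

// --- Unprotected pattern (the class of defect fixed in 5.4) ---
// Any POST that reaches the page is trusted: a form on another origin can
// submit it with the administrator's cookies and the save goes through.
function demo_l10n_save_unprotected() {
    if ( isset( $_POST['demo_l10n'] ) && is_array( $_POST['demo_l10n'] ) ) {
        update_option( 'demo_l10n', array_map( 'sanitize_text_field', $_POST['demo_l10n'] ) );
    }
}

// --- Hardened pattern: capability check plus an action-bound nonce ---
function demo_l10n_save_protected() {
    if ( ! isset( $_POST['demo_l10n'] ) ) {
        return; // nothing submitted, nothing to do
    }
    // A nonce proves the request came from a page this site rendered for this
    // user; it does not prove authorization, so check the capability as well.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() reads the 'demo_l10n_nonce' field, verifies it was
    // issued for the 'demo_save_l10n' action and the current user, and stops
    // the request on failure. A page served from another origin cannot obtain
    // a valid value, which is exactly what closes the CSRF.
    check_admin_referer( 'demo_save_l10n', 'demo_l10n_nonce' );

    $clean = array_map( 'sanitize_text_field', (array) $_POST['demo_l10n'] );
    update_option( 'demo_l10n', $clean );
}

// Rendering side: the legitimate admin form embeds the matching nonce.
function demo_l10n_render_form() {
    $strings = (array) get_option( 'demo_l10n', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'options-general.php?page=demo-poll&subpage=l10n' ) ); ?>">
        <?php wp_nonce_field( 'demo_save_l10n', 'demo_l10n_nonce' ); ?>
        <?php foreach ( $strings as $key => $value ) : ?>
            <label><?php echo esc_html( $key ); ?>
                <input type="text"
                       name="demo_l10n[<?php echo esc_attr( $key ); ?>]"
                       value="<?php echo esc_attr( $value ); ?>">
            </label>
        <?php endforeach; ?>
        <?php submit_button( 'Save strings' ); ?>
    </form>
    <?php
}

// Process the submission early in the admin request, before the page renders.
add_action( 'admin_init', 'demo_l10n_save_protected' );
```

Two practical notes. The nonce is bound to an action string and to the logged-in user, so the same `demo_save_l10n` value must appear in both `wp_nonce_field()` and `check_admin_referer()`; a mismatch fails closed. Also, WordPress nonces are time-limited (a tick-based window of roughly 12 to 24 hours) rather than strictly invalidated after one use, so they should be paired with a capability check as above instead of being treated as a single-use token on their own.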
Preconditions
- Config: The target site must have the Democracy Poll plugin installed and activated (version before 5.4).
- Input: The attacker must trick an authenticated WordPress administrator into visiting a crafted URL or submitting a malicious form.
- Auth: The victim administrator must have the capability to access the Democracy Poll settings page.
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- wordpress.org/plugins/democracy-poll/
- www.pluginvulnerabilities.com/2017/02/22/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-democracy-poll/