Democracy Poll Security & Risk Analysis

wordpress.org/plugins/democracy-poll

WordPress polls plugin with multiple-choice, custom answers, cache compatibility, widgets, and shortcodes.

7K active installs · v6.1.1 · PHP 7.4+ · WP 5.8+ · Updated Aug 4, 2025
Tags: democracy, polls, review, survey, vote

Score: 75/100 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Apr 29, 2024
Safety Verdict

Is Democracy Poll Safe to Use in 2026?

Mostly Safe

Score 75/100

Democracy Poll is generally safe to use. Two of its 3 known CVEs were patched in version 5.4; the most recent, CVE-2024-33920 (Missing Authorization), is still listed as unpatched. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Apr 29, 2024 · Updated 8mo ago
Risk Assessment

The democracy-poll plugin v6.1.1 presents a mixed security posture. It shows some good practices: nonces and capability checks are used in places (3 nonce checks and 2 capability checks were found), and 39 of its 86 SQL queries (45%) go through prepared statements. Significant concerns remain. Two AJAX handlers are registered without authorization checks, and one of them is hooked on wp_ajax_nopriv_, so it is reachable without logging in; that is a direct attack vector for unauthenticated users. The taint analysis found three high-severity flows with unsanitized paths, which is particularly worrying because such flows are exactly where injection or data leakage occurs if the sink is reachable with attacker-controlled input.

The plugin's vulnerability history points to recurring issues: three known CVEs, one of which (CVE-2024-33920, Missing Authorization) is currently listed as unpatched. The vulnerability classes seen so far (Missing Authorization, CSRF, XSS) match the static-analysis findings, in particular the unprotected AJAX handlers and the unsanitized taint flows. The most recent CVE dates from April 2024, so these issues are not merely historical and could still be present or easily reintroduced. Note that the advisory's affected range is <= 6.0.3 while the version analyzed here is 6.1.1; the unpatched status comes from the vulnerability database and should be checked against the plugin changelog before it is relied on either way. The plugin has strengths, but the combination of unprotected entry points, unsanitized taint flows and an unpatched CVE calls for a cautious approach: review the AJAX dispatcher before exposing the plugin on a high-value site, and watch for updates.

Key Concerns

  • Unprotected AJAX handlers (wp_ajax_dem_ajax and wp_ajax_nopriv_dem_ajax, classes\Poll_Ajax.php:15-16)
  • High severity unsanitized taint flows
  • Unpatched CVE (CVE-2024-33920, medium, Missing Authorization)
  • SQL queries using prepared statements: 45% (threshold 75%)
  • Output escaping: 31% (threshold 50%)
  • Vulnerability history: 3 known CVEs
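The three concerns above (unprotected AJAX handlers, low prepared-statement and escaping ratios) map one-to-one onto the three CVE classes in the plugin's history (Missing Authorization, CSRF, XSS). The following is an added example, not Democracy Poll's own code, of how a single-action AJAX dispatcher of the kind registered on wp_ajax_dem_ajax / wp_ajax_nopriv_dem_ajax can close all three at once. The action name dem_ajax and the hook pair come from this page; the sub-action names, nonce action string, table and column names are assumptions for illustration.

```php
<?php
// Added example, not Democracy Poll's own code. The action name dem_ajax and the
// hook pair wp_ajax_dem_ajax / wp_ajax_nopriv_dem_ajax come from the page; the
// sub-action names, nonce action string, table names and column names are assumed.

add_action( 'wp_ajax_dem_ajax',        'dem_example_ajax_dispatch' );
add_action( 'wp_ajax_nopriv_dem_ajax', 'dem_example_ajax_dispatch' );

function dem_example_ajax_dispatch() {
    // CSRF: every request must carry a nonce minted for this visitor. On failure
    // check_ajax_referer() terminates the request (HTTP 403, body -1).
    check_ajax_referer( 'dem_example_nonce', 'nonce' );

    $sub = isset( $_POST['sub_action'] ) ? sanitize_key( wp_unslash( $_POST['sub_action'] ) ) : '';

    switch ( $sub ) {
        case 'vote':
            // Voting is legitimately anonymous (hence the nopriv hook), so there is
            // no capability check here; the IDs are coerced to integers instead.
            dem_example_record_vote( absint( $_POST['poll_id'] ?? 0 ), absint( $_POST['answer_id'] ?? 0 ) );
            break;

        case 'delete_poll':
            // Missing Authorization: a valid nonce proves the request came from a
            // page the user loaded, not that the user is allowed to administer polls.
            if ( ! current_user_can( 'manage_options' ) ) {
                wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
            }
            dem_example_delete_poll( absint( $_POST['poll_id'] ?? 0 ) );
            break;

        default:
            wp_send_json_error( array( 'message' => 'unknown sub_action' ), 400 );
    }
}

function dem_example_record_vote( int $poll_id, int $answer_id ) {
    global $wpdb;
    if ( $poll_id < 1 || $answer_id < 1 ) {
        wp_send_json_error( array( 'message' => 'bad id' ), 400 );
    }
    $answers = $wpdb->prefix . 'dem_example_answers'; // assumed table name

    // SQL: $wpdb->prepare() binds the integers with %d; request values are never
    // interpolated into the query string.
    $changed = $wpdb->query( $wpdb->prepare(
        "UPDATE {$answers} SET votes = votes + 1 WHERE aid = %d AND qid = %d",
        $answer_id,
        $poll_id
    ) );
    if ( ! $changed ) {
        wp_send_json_error( array( 'message' => 'no such answer' ), 404 );
    }

    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT aid, answer, votes FROM {$answers} WHERE qid = %d ORDER BY aid",
        $poll_id
    ), ARRAY_A );

    // XSS: answer text is author-controlled and goes through esc_html() at the
    // point it is written into markup; numbers are cast so they cannot carry HTML.
    $html = '';
    foreach ( $rows as $row ) {
        $html .= sprintf(
            '<div class="democr-poll-answer-wrap" data-democr-answer-id="%d">%s: %d</div>',
            (int) $row['aid'],
            esc_html( $row['answer'] ),
            (int) $row['votes']
        );
    }
    wp_send_json_success( array( 'html' => $html ) );
}

function dem_example_delete_poll( int $poll_id ) {
    global $wpdb;
    $polls = $wpdb->prefix . 'dem_example_polls'; // assumed table name
    // $wpdb->delete() builds its own prepared statement from the format array.
    $deleted = $wpdb->delete( $polls, array( 'id' => $poll_id ), array( '%d' ) );
    if ( false === $deleted ) {
        wp_send_json_error( array( 'message' => 'delete failed' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
```

The front-end script gets the nonce from wp_localize_script() (wp_create_nonce( 'dem_example_nonce' )) and posts action=dem_ajax&sub_action=vote&nonce=... to admin-ajax.php. One caveat for a plugin that advertises cache compatibility: a nonce embedded in cached HTML expires (WordPress nonces are valid for 12 to 24 hours), so anonymous voters on a page-cached site need to obtain it from an uncached fragment or endpoint, otherwise the CSRF check will start rejecting legitimate votes once the cached page outlives the nonce.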
Vulnerabilities (3)

Democracy Poll Security Vulnerabilities

CVEs by Year

2017: 2 CVEs (patched)
2024: 1 CVE (unpatched)

Severity Breakdown

High: 1
Medium: 2
3 total CVEs

CVE-2024-33920 · medium · CVSS 5.3 · Missing Authorization
Democracy Poll <= 6.0.3 - Missing Authorization
Apr 29, 2024 · Unpatched

CVE-2017-18521 · high · CVSS 8.8 · Cross-Site Request Forgery (CSRF)
Democracy Poll <= 5.3.6 - Cross-Site Request Forgery
Feb 23, 2017 · Patched in 5.4 (2525 days)

CVE-2017-18520 · medium · CVSS 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Democracy Poll < 5.4 - Cross-Site Scripting
Feb 22, 2017 · Patched in 5.4 (2526 days)
Code Analysis
Analyzed Mar 16, 2026

Democracy Poll Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 47 (a further 39 use prepared statements; 86 total)
Unescaped Output: 217 (a further 99 are escaped; 316 total)
Nonce Checks: 3
Capability Checks: 2
File Operations: 12
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

45% prepared (39 of 86 total queries)

Output Escaping

31% escaped (99 of 316 total outputs)
Data Flows (7 unsanitized)

Data Flow Analysis

7 flows, 7 with unsanitized paths

Flow shown: render (classes\Admin\Admin_Page_Logs.php:42)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface (2 unprotected)

Democracy Poll Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers: 2

auth    wp_ajax_dem_ajax          classes\Poll_Ajax.php:15
nopriv  wp_ajax_nopriv_dem_ajax   classes\Poll_Ajax.php:16

Shortcodes 2

[democracy] classes\Shortcodes.php:11
[democracy_archives] classes\Shortcodes.php:12
WordPress Hooks: 20

filter  plugin_action_links    classes\Admin\Admin.php:21
action  admin_menu             classes\Admin\Admin_Page.php:39
filter  set-screen-option      classes\Admin\Admin_Page.php:42
action  admin_enqueue_scripts  classes\Admin\Admin_Page_Design.php:24
action  admin_bar_menu         classes\Admin\Admin_Page_Design.php:58
filter  gettext_with_context   classes\Admin\Admin_Page_l10n.php:152
action  add_meta_boxes         classes\Admin\Post_Metabox.php:10
action  save_post              classes\Admin\Post_Metabox.php:11
filter  mce_external_plugins   classes\Admin\Tinymce_Button.php:11
filter  mce_buttons            classes\Admin\Tinymce_Button.php:12
filter  wp_mce_translation     classes\Admin\Tinymce_Button.php:13
action  admin_notices          classes\Helpers\Messages.php:80
action  switch_blog            classes\Plugin_Initor.php:20
action  widgets_init           classes\Plugin_Initor.php:68
action  admin_bar_menu         classes\Plugin_Initor.php:76
action  wp                     classes\Plugin_Initor.php:92
action  wp_head                classes\Plugin_Initor.php:96
action  init                   classes\Poll_Ajax.php:23
action  admin_footer           classes\Poll_Widget.php:63
action  after_setup_theme      democracy.php:31
Maintenance & Trust

Democracy Poll Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 4, 2025
PHP min version: 7.4
Downloads: 202K

Community Trust

Rating: 92/100
Number of ratings: 86
Active installs: 7K
Developer Profile

Democracy Poll Developer Profile

Timur Kamaev

5 plugins · 22K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 1448 days
Detection Fingerprints

How We Detect Democracy Poll

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/democracy-poll/admin/css/jquery-ui.css
/wp-content/plugins/democracy-poll/js/admin.js
/wp-content/plugins/democracy-poll/admin/css/admin.css
Script Paths
/wp-content/plugins/democracy-poll/js/admin.js
Version Parameters
democracy-poll/admin/css/jquery-ui.css?ver=
democracy-poll/js/admin.js?ver=
democracy-poll/admin/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
democracy-poll-wrap
Data Attributes
data-democr-poll-id
data-democr-answer-id
data-democr-admin-ajaxurl
JS Globals
DemocracyPoll
democracy_poll_admin_ajax
Shortcode Output
<div class="democr-poll-results-count">
<div class="democr-poll-answer-wrap">
<div class="democr-poll-wrap">
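As an added example, not part of this page's own tooling, the matcher below applies the asset, DOM and JS fingerprints listed above to fetched HTML. The function name and the sample document are assumptions constructed for the example; the patterns themselves are the ones the page lists.

```php
<?php
// Added example, not part of the page's own tooling: a matcher for the asset,
// DOM and JS fingerprints listed above, run over a constructed HTML sample.
// The function name is an assumption; the patterns are the ones the page lists.

function dem_fingerprint_html( string $html ): array {
    $hits = array();

    // Asset paths served from the plugin directory. The optional ?ver= value is
    // whatever the plugin passed to wp_enqueue_*; if it passed nothing, WordPress
    // appends its own version, so the capture is not reliably the plugin version.
    $asset_re = '#/wp-content/plugins/democracy-poll/'
              . '(?:admin/css/jquery-ui\.css|js/admin\.js|admin/css/admin\.css)'
              . '(?:\?ver=([0-9][0-9.]*))?#';
    if ( preg_match_all( $asset_re, $html, $m ) ) {
        $hits['asset_paths'] = array_values( array_unique( $m[0] ) );
        $versions = array_values( array_unique( array_filter( $m[1] ) ) );
        if ( $versions ) {
            $hits['ver_params'] = $versions;
        }
    }

    // CSS classes from the wrapper and the shortcode output; the class must be a
    // whole token inside a class attribute, not a substring of another class.
    $classes = array( 'democracy-poll-wrap', 'democr-poll-wrap', 'democr-poll-answer-wrap', 'democr-poll-results-count' );
    foreach ( $classes as $class ) {
        if ( preg_match( '/class="(?:[^"]*\s)?' . preg_quote( $class, '/' ) . '(?:\s[^"]*)?"/', $html ) ) {
            $hits['css_classes'][] = $class;
        }
    }

    // Data attributes written by the poll markup.
    foreach ( array( 'data-democr-poll-id', 'data-democr-answer-id', 'data-democr-admin-ajaxurl' ) as $attr ) {
        if ( preg_match( '/\s' . preg_quote( $attr, '/' ) . '=/', $html ) ) {
            $hits['data_attributes'][] = $attr;
        }
    }

    // JS globals: require an assignment, not just the bare name, so a mention in
    // article text or a comment does not count as a hit.
    foreach ( array( 'DemocracyPoll', 'democracy_poll_admin_ajax' ) as $global ) {
        if ( preg_match( '/\b' . preg_quote( $global, '/' ) . '\s*=[^=]/', $html ) ) {
            $hits['js_globals'][] = $global;
        }
    }

    return $hits;
}

// Constructed sample of what a crawler might fetch; not captured from a real site.
$sample = <<<'HTML'
<link rel="stylesheet" href="/wp-content/plugins/democracy-poll/admin/css/admin.css?ver=6.1.1">
<script src="/wp-content/plugins/democracy-poll/js/admin.js?ver=6.1.1"></script>
<script>var democracy_poll_admin_ajax = "/wp-admin/admin-ajax.php";</script>
<div class="democracy-poll-wrap">
  <div class="democr-poll-wrap" data-democr-poll-id="3" data-democr-admin-ajaxurl="/wp-admin/admin-ajax.php">
    <div class="democr-poll-answer-wrap" data-democr-answer-id="7">Yes</div>
    <div class="democr-poll-results-count">12 votes</div>
  </div>
</div>
HTML;

$result = dem_fingerprint_html( $sample );
echo empty( $result['asset_paths'] ) && empty( $result['css_classes'] ) ? "not detected\n" : "democracy-poll detected\n";
print_r( $result );
```

Two caveats when using this in an audit: whether the admin/ asset paths appear on public pages depends on where the plugin enqueues them, so treat the DOM markers from the shortcode output as the primary public-page signal and the asset paths as confirmation; and a ?ver= value only identifies the plugin version if the plugin supplied one, otherwise it is the WordPress core version string and must not be fed into the CVE range check above.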
FAQ

Frequently Asked Questions about Democracy Poll