Lucene search

[email protected]CVE-2011-4646

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4646

2022-10-0316:15:13

CWE-94

[email protected]

web.nvd.nist.gov

cve-2011-4646

sql injection

wp-postratings.php

wp-postratings plugin

nvd

security vulnerability

wordpress

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.8%

JSON

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

lesterchanwp-postratingsMatch1.50

lesterchanwp-postratingsMatch1.61

AND

wordpresswordpress

CPENameOperatorVersion
lesterchan:wp-postratingslesterchan wp-postratingseq1.50
lesterchan:wp-postratingslesterchan wp-postratingseq1.61

CPE	Name	Operator	Version
lesterchan:wp-postratings	lesterchan wp-postratings	eq	1.50
lesterchan:wp-postratings	lesterchan wp-postratings	eq	1.61

References

plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php

secunia.com/advisories/46328

wordpress.org/extend/plugins/wp-postratings/changelog/

www.securityfocus.com/bid/49986

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2011-4646

wpvulndb1 prion1 cvelist1 nvd1 patchstack1