CVE-2021-25117 WP Postratings < 1.86.1 - Admin+ Stored Cross-Site Scripting

2024-01-1615:49:22

WPScan

www.cve.org

wordpress plugin

stored cross-site scripting

security vulnerability

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP-PostRatings",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.86.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/d2d9a789-edae-4ae1-92af-e6132db7efcd/