CVE-2011-4646

2011-11-3019:55:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

45.9%

JSON

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

lesterchanwp-postratingsMatch1.50

lesterchanwp-postratingsMatch1.61

AND

wordpresswordpress

VendorProductVersionCPE
lesterchanwp-postratings1.50cpe:2.3:a:lesterchan:wp-postratings:1.50:*:*:*:*:*:*:*
lesterchanwp-postratings1.61cpe:2.3:a:lesterchan:wp-postratings:1.61:*:*:*:*:*:*:*
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lesterchan	wp-postratings	1.50	cpe:2.3:a:lesterchan:wp-postratings:1.50:::::::*
lesterchan	wp-postratings	1.61	cpe:2.3:a:lesterchan:wp-postratings:1.61:::::::*
wordpress	wordpress	*	cpe:2.3:a:wordpress:wordpress::::::::