CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
45.9%
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
Vendor | Product | Version | CPE |
---|---|---|---|
lesterchan | wp-postratings | 1.50 | cpe:2.3:a:lesterchan:wp-postratings:1.50:*:*:*:*:*:*:* |
lesterchan | wp-postratings | 1.61 | cpe:2.3:a:lesterchan:wp-postratings:1.61:*:*:*:*:*:*:* |
wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |