A vulnerability in wp-postratings.php allows authenticated users to execute arbitrary SQL commands via the id attribute of the rating shortcode when creating a post.
Update the plugin to the latest available version (at least 1.62).
CPE

Name | Operator | Version |
---|---|---|
wp-postratings | le | 1.61 |
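Because any authenticated author could have saved a crafted shortcode before the update, existing post content is worth auditing after patching. The following is an added example, not code from the plugin or the advisory: it flags rating shortcodes whose id attribute is not a plain integer. It assumes the shortcode tag is `ratings` and that posts have been exported as (post ID, author, content) tuples; the sample rows are constructed.

```python
import re

# Assumption: the plugin's rating shortcode tag is "ratings"; change if yours differs.
SHORTCODE_TAG = "ratings"

_SHORTCODE_RE = re.compile(
    r"\[" + re.escape(SHORTCODE_TAG) + r"\b([^\]]*)\]", re.IGNORECASE
)
# name="value", name='value' or name=value
_ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")


def shortcode_ids(content):
    """Yield the raw id attribute of every rating shortcode in a post body."""
    for sc in _SHORTCODE_RE.finditer(content):
        for m in _ATTR_RE.finditer(sc.group(1)):
            if m.group(1).lower() == "id":
                yield next(g for g in m.groups()[1:] if g is not None)


def is_safe_id(value):
    """A post ID is a plain non-negative integer; anything else is suspect."""
    return re.fullmatch(r"[0-9]{1,20}", value.strip()) is not None


def audit_posts(rows):
    """Return (post_id, author, raw_id) for each shortcode id that is not an integer."""
    findings = []
    for post_id, author, content in rows:
        for raw in shortcode_ids(content):
            if not is_safe_id(raw):
                findings.append((post_id, author, raw))
    return findings


# Constructed sample rows standing in for an export of post ID, author and content.
SAMPLE_ROWS = [
    (101, "editor1", 'Intro text [ratings id="101"] outro'),
    (102, "contrib7", "Review [ratings id='55 and-more-text']"),
    (103, "author3", "No shortcode in this post."),
    (104, "contrib7", "[ratings id=12] and [ratings id=12;x]"),
]

if __name__ == "__main__":
    for post_id, author, raw in audit_posts(SAMPLE_ROWS):
        print(f"post {post_id} by {author}: non-integer shortcode id {raw!r}")
```

Each finding names the post and the account that authored it, which gives a starting point for reviewing that account's activity. An unterminated quote in the id value is also flagged, because the parser falls back to the raw token.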