Lucene search
Yet Another Stars Rating Security Vulnerabilities
cve
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
8.8CVSS
9.1AI Score
0.002EPSS
2019-10-10 05:15 PM
55
cve
Cross-Site Scripting (XSS) vulnerability discovered in Yasr β Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'.
6.1CVSS
5.9AI Score
0.001EPSS
2022-02-04 11:15 PM
31
cve
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR β Yet Another Star Rating Plugin for WordPress.This issue affects YASR β Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.
8.1CVSS
8AI Score
0.001EPSS
2023-11-30 02:15 PM
25