CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion.This issue affects GD Rating System: from n/a through 3.6...

5.3CVSS6.8AI score0.00578EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:50 a.m.•3 views

CVE-2024-11198

The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extraclass’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS5.8AI score0.0036EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 1:9 p.m.•4 views

CVE-2024-25093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Rating System allows Stored XSS.This issue affects GD Rating System: from n/a through 3.5...

7.1CVSS7AI score0.00115EPSS

Exploits0References1

NVD•added 2024/11/19 1:15 p.m.•12 views

CVE-2024-11198

6.4CVSS0.0036EPSS

Exploits0References4

CVE•added 2024/11/19 12:45 p.m.•62 views

CVE-2024-11198

CVE-2024-11198 : GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the extra_class parameter in all versions up to 3.6.1. Exploitation requires authentication at Contributor level or higher and can allow injected scripts to execute when users load affected pag...

6.4CVSS5.7AI score0.0036EPSS

Exploits0References4

Vulnrichment•added 2024/11/19 12:45 p.m.•15 views

CVE-2024-11198 GD Rating System <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter

6.4CVSS5.8AI score0.0036EPSS

Exploits0References4

Patchstack•added 2024/11/19 1:9 a.m.•1 views

WordPress GD Rating System plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via extraclass Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin GD Rating System versions = 3.6.1...

6.4CVSS5.8AI score0.0036EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/11/19 12:0 a.m.•1 views

PT-2024-16815 · WordPress · Gd Rating System

Name of the Vulnerable Software and Affected Versions: GD Rating System plugin for WordPress versions up to, and including, 3.6.1 Description: The issue is related to Stored Cross-Site Scripting via the extra class parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS8AI score0.0036EPSS

Exploits0References23

Patchstack•added 2024/11/19 12:0 a.m.•9 views

WordPress GD Rating System Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

Software GD Rating System Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11198 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 65f32a77a93e Credits Peter Thaleikis Requir...

6.4CVSS6AI score0.0036EPSS

Exploits0References3Affected Software1

NVD•added 2024/07/12 2:15 p.m.•11 views

CVE-2024-38709

5.3CVSS0.00578EPSS

Exploits0References1

Vulnrichment•added 2024/07/12 2:10 p.m.•16 views

CVE-2024-38709 WordPress GD Rating System plugin <= 3.6 - Local File Inclusion vulnerability

5.3CVSS6.9AI score0.00578EPSS

Exploits0References1