19 matches found
CVE-2026-4301
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
PT-2026-39948
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is user logged in...
WordPress plugin Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings 安全漏洞
WordPress, among others, is a product of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. Effect is a software package used for adding image effects. Aaron Update is a product developed by Aaron, the individual developer behind the project. Update is a...
WordPress Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Modification vulnerability discovered by cpforensic in WordPress Plugin Rate Star Review versions = 1.6.4...
EUVD-2023-56886
Malicious code in bioql PyPI...
EUVD-2024-51573
Malicious code in bioql PyPI...
CVE-2023-52213
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through...
PT-2025-2149 · WordPress · The Rate Star Review Vote – Ajax Reviews
Name of the Vulnerable Software and Affected Versions: The Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper reviews' shortcode due to...
WordPress Rate Star Review plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Rate Star Review versions = 1.6.3...
Rate Star Review < 1.5.2 - Reflected Cross-Site Scripting
Description The Rate Star Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2023-52213
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through...
CVE-2023-52213 WordPress Rate Star Review Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through...
CVE-2023-52213 WordPress Rate Star Review Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through...
CVE-2023-52213
CVE-2023-52213 affects the Rate Star Review – AJAX Reviews for Content, with Star Ratings WordPress plugin. The issue is an improper neutralization of input in web page generation, leading to a reflected Cross-Site Scripting (XSS) vulnerability. Affected versions are 1.5.1 and earlier; the patch ...
PT-2024-14477 · Unknown · Videowhisper Rate Star Review
Name of the Vulnerable Software and Affected Versions: VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings versions 1.5.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This...
WordPress Plugin Rate Star Review Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Rate Star Review Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Rate Star Review Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52213 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 73dc6c7e7398 Credits Kang SeoHee Required privilege...