72 matches found
CVE-2022-47433 WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
CVE-2022-47433 WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
CVE-2022-47433
CVE-2022-47433 affects the WordPress plugin Daniel Powney Multi Rating. Connected sources (Patchstack) indicate unauthenticated Cross-Site Scripting in Multi Rating versions ≤ 5.0.6, with CVSS ~7.1 (high). The initial entry lists versions ≤ 5.0.5 (unauthenticated XSS) but Patchstack expands this ...
CVE-2022-46867
CVE-2022-46867 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress feature/plugin named Universal Star Rating, affecting versions
CVE-2022-40699
Cross-Site Scripting XSS vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin = 3.1.2 versions...
CVE-2022-47443
Cross-Site Request Forgery CSRF vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
CVE-2022-47443
Cross-Site Request Forgery CSRF vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
CVE-2022-47443 WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
Multi Rating < 5.0.6 - Ratings Deletion via CSRF
The plugin does not have CSRF check when deleting ratings, which could allow attackers to make logged in admins to perform such action via a CSRF attack...
WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Broken Access Control
Software Multi Rating Type Plugin Vulnerable versions = 5.0.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25053 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 49ce4d920ef6 Credits minhtuanact Required privilege...
CVE-2021-25121
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating...
WordPress Like Button Rating plugin Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...
WordPress Yet Another Stars Rating plugin < 3.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Yet Another Stars Rating plugin versions 3.0.2. Solution Update the WordPress Yet Another Stars Rating plugin to the latest available version at least 3.0.2...
WordPress Stars Rating Plugin Denial of Service Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Stars Rating Plugin has a denial of service vulnerability in versions prior to 3.5.1, which stems from a failure ...
CVE-2021-24893
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated...
WordPress plugin Stars Rating 输入验证错误漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Stars Rating Plugin has a denial of service vulnerability in versions prior to 3.5.1, which stems from a failure ...
Kk Star Ratings 跨站脚本漏洞
kk-star-ratings is an application. Used to allow blog visitors to engage and interact with your site by rating posts. A cross-site scripting vulnerability exists in the Kk Star Ratings plugin prior to version 4.1.5...
WordPress Like Button Rating plugin <= 2.6.31 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability
Unauthenticated Server-Side Request Forgery SSRF vulnerability found by Lauritz Holme in WordPress Like Button Rating plugin versions = 2.6.31. Solution Update the WordPress Like Button Rating plugin to the latest available version at least 2.6.32...
WordPress yet-another-stars-rating plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. yet-another-stars-rating is a rating plugin used in it. The WordPress yet-another-stars-rating plugin suffers from a SQL injection...