4 matches found
CVE-2011-10006
GamerZ WP-PostRatings up to 1.64 contains a cross-site scripting (XSS) flaw in wp-postratings.php. The vulnerability, which can be triggered remotely, affects an unknown part of the file and can be exploited without user privileges, with user interaction required. The issue is mitigated by upgrad...
Sql injection
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a...
CVE-2011-4646
CVE-2011-4646 affects the WP-PostRatings WordPress plugin (versions 1.50, 1.61 and likely earlier than 1.62). The vulnerability is a SQL injection in wp-postratings.php that allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the rating...
CVE-2011-4646
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a...