The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
5.4CVSS
5.3AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post β WP Rating System.This issue affects Rate my Post β WP Rating System: from n/a through 3.4.1.
6.5CVSS
6.5AI Score
0.0005EPSS