The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
8.8CVSS
9.1AI Score
0.002EPSS
Cross-Site Scripting (XSS) vulnerability discovered in Yasr β Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'.
6.1CVSS
5.9AI Score
0.001EPSS
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR β Yet Another Star Rating Plugin for WordPress.This issue affects YASR β Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.
8.1CVSS
8AI Score
0.001EPSS