8 matches found
CVE-2018-5293
The CVE-2018-5293 entry concerns the WordPress GD Rating System plugin, version 2.3. It describes a Cross-Site Scripting (XSS) vulnerability exposed via the wp-admin/admin.php parameter on the gd-rating-system-tools page. This is a client-facing issue in the WordPress plugin code path that handle...
CVE-2018-5286
The WordPress GD Rating System plugin version 2.3 is affected by an XSS vulnerability in the gd-rating-system-about page, exploitable via the wp-admin/admin.php parameter. The CVE notes a cross-site scripting issue with I=P and Gained impact mainly on integrity, with no explicit exploit details p...
CVE-2018-5292
The CVE-2018-5292 entry applies to WordPress GD Rating System plugin version 2.3, where an XSS vulnerability exists in the gd-rating-system-information page. The flaw is triggered by XSS via the wp-admin/admin.php panel parameter, enabling arbitrary script injection. Affected product: GD Rating S...
CVE-2018-5290
The CVE-2018-5290 entry concerns WordPress GD Rating System plugin version 2.3, which suffers a directory traversal vulnerability in the gd-rating-system-transfer path via wp-admin/admin.php. This allows reading arbitrary files on the server (CNVD/OpenVAS details; CVSSv3 base 7.5, high). Patch st...
CVE-2018-5291
CVE-2018-5291 affects WordPress GD Rating System plugin v2.3. The vulnerability is a directory traversal flaw in the wp-admin/admin.php panel on the gd-rating-system-tools page, allowing potential reads of arbitrary files (as indicated by CNVD/NVD entries). NVD lists CVSS v3 base score 7.5 (HIGH)...
CVE-2018-5287
CVE-2018-5287 affects the WordPress GD Rating System plugin, version 2.3. A directory traversal flaw exists in the wp-admin/admin.php parameter for the gd-rating-system-about page, enabling an attacker to read arbitrary files on the server. Public CVSS metrics show base scores of 5.0 (NVD CVSS2) ...
CVE-2018-5288
CVE-2018-5288 affects the WordPress GD Rating System plugin (version 2.3) for WordPress. The vulnerability is a Cross-Site Scripting (XSS) flaw exposed via the gd-rating-system-transfer page, specifically through a wp-admin/admin.php panel parameter. The connected sources confirm the affected plu...
CVE-2018-5289
The CVE-2018-5289 entry concerns WordPress GD Rating System plugin version 2.3, which exposes a Directory Traversal vulnerability in the wp-admin/admin.php parameter for the gd-rating-system-information page. The CNVD/OpenVAS records corroborate a traversal flaw that can enable reading arbitrary ...