CVE-2015-9465

Name of the Vulnerable Software and Affected Versions yet-another-stars-rating plugin versions prior to 0.9.1

Description The issue is related to SQL injection via the set id parameter in the yasr get multi set values and field function. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the yasr get multi set values and field function or avoiding the use of the set id parameter until the update is applied.