Haymiz

**Name of the Vulnerable Software and Affected Versions** Rate My Post – Star Rating Plugin by FeedbackWP versions up to, and including, 4.2.4 **Description** The issue allows unauthenticated attackers to vote on unpublished scheduled posts due to missing validation on a user-controlled key in the `get post status()` function. This enables attackers to exploit the Insecure Direct Object Reference vulnerability. **Recommendations** For versions up to, and including, 4.2.4, update to a version that includes the necessary validation to prevent exploitation of the Insecure Direct Object Reference vulnerability. As a temporary workaround, consider restricting access to the `get post status()` function until a patch is available.