PT-2011-5013 · WordPress · Wp-Postratings

Ben Bidner · Published 2011-11-30 · Updated 2011-12-01 · CVE-2011-4646

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: WP-PostRatings plugin versions 1.50 through 1.61

Description: The issue allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the "ratings shortcode" when creating a post.

Recommendations: For WP-PostRatings plugin versions 1.50 through 1.61, update to version 1.62 or later to resolve the issue.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2011-4646

Affected Products

Wp-Postratings