CVE-2014-2838

Name of the Vulnerable Software and Affected Versions GD Star Rating plugin version 19.22

Description The issue allows remote attackers to hijack the authentication of administrators for requests, potentially leading to SQL injection attacks via the s parameter in the "gd-star-rating-stats" page to "wp-admin/admin.php", or cross-site scripting (XSS) attacks. SQL injection attacks involve injecting malicious SQL code to manipulate database queries, while XSS attacks involve injecting malicious code into websites to manipulate user sessions.

Recommendations For GD Star Rating plugin version 19.22, consider disabling the plugin until a patch is available to prevent potential SQL injection and XSS attacks. Restrict access to the "gd-star-rating-stats" page in wp-admin/admin.php to minimize the risk of exploitation. Avoid using the s parameter in the affected page until the issue is resolved.