PT-2024-12794 · WordPress · Yet Another Stars Rating

Revan Arifio

Published

2024-12-13

Updated

2024-12-17

CVE-2023-39305

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Yet Another Stars Rating versions 3.4.3 and below

Description The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels due to broken access control. This can be exploited in the Yet Another Stars Rating plugin for WordPress.

Recommendations Update to the latest version to secure your site and protect against this issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-39305

Affected Products

Yet Another Stars Rating

PT-2024-12794 · WordPress · Yet Another Stars Rating

CVE-2023-39305

Weakness Enumeration

Related Identifiers

Affected Products

References · 10