PT-2024-38776 · WordPress · The Review Ratings Wordpress Plugin

Daniel Ruf

Published

2024-09-16

Updated

2024-09-27

CVE-2024-8052

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: The Review Ratings WordPress plugin versions 1.6 and earlier

Description: The issue is related to the lack of CSRF check in some places, as well as missing sanitisation and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. This could potentially lead to malicious actions being performed on the website.

Recommendations: For The Review Ratings WordPress plugin versions 1.6 and earlier, update to a version that includes proper CSRF checks, sanitisation, and escaping to prevent Stored XSS payloads from being added via a CSRF attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2024-8052

Affected Products

The Review Ratings Wordpress Plugin

PT-2024-38776 · WordPress · The Review Ratings Wordpress Plugin

CVE-2024-8052

Weakness Enumeration

Related Identifiers

Affected Products

References · 8