Unrated severityNVD Advisory· Published Nov 30, 2011· Updated Apr 29, 2026

CVE-2011-4646

Description

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

Affected products

Lesterchan/Wp Postratings2 versions
cpe:2.3:a:lesterchan:wp-postratings:1.50:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:lesterchan:wp-postratings:1.50:*:*:*:*:*:*:*
- cpe:2.3:a:lesterchan:wp-postratings:1.61:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.phpnvdExploitPatch
secunia.com/advisories/46328nvdVendor Advisory
wordpress.org/extend/plugins/wp-postratings/changelog/nvd
www.securityfocus.com/bid/49986nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000