Wp Postratings (wordpress Plugin)
by Lesterchan
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39659 | 0.00 | — | 0.00 | Aug 1, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1. | |||
| CVE-2023-40332 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91. | |||
| CVE-2011-10006 | 0.00 | — | 0.00 | Apr 8, 2024 | A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version… | |||
| CVE-2021-25117 | 0.00 | — | 0.00 | Jan 16, 2024 | The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF… | |||
| CVE-2022-40130 | 0.00 | — | 0.00 | Nov 18, 2022 | Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress. | |||
| CVE-2022-36422 | 0.00 | — | 0.00 | Sep 9, 2022 | Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress. | |||
| CVE-2011-4646 | 0.00 | — | 0.02 | Nov 30, 2011 | SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode… |
- CVE-2024-39659Aug 1, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1.
- CVE-2023-40332Jun 4, 2024risk 0.00cvss —epss 0.00
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.
- CVE-2011-10006Apr 8, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version…
- CVE-2021-25117Jan 16, 2024risk 0.00cvss —epss 0.00
The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF…
- CVE-2022-40130Nov 18, 2022risk 0.00cvss —epss 0.00
Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.
- CVE-2022-36422Sep 9, 2022risk 0.00cvss —epss 0.00
Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress.
- CVE-2011-4646Nov 30, 2011risk 0.00cvss —epss 0.02
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode…