ThreatPress

WordPress Vulnerabilities Database

WordPress WP PostRatings Plugin <= 1.61 - SQL Injection

Product
WP PostRatings
Description
A vulnerability in wp-postratings.php allows authenticated users to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
CVE Mitre
CVE
Name: CVE-2011-4646
Versions
Affected In: <= 1.61, 1.50
Fixed In: 1.62
Disclosure date
2011-11-30