WordPress WP PostRatings Plugin <= 1.61 - SQL Injecion
- Product
- WP PostRatings
- Description
- Because of this vulnerability in wp-postratings.php, the authenticated users can execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post.
- Solution
- Update the plugin.
- Classification
-
Type SQL Injection
OWASP Top 10 A1: Injection - References
-
CVE Mitre
- CVE
- Name CVE-2011-4646
- Versions
-
Affected In
<= 1.61, 1.50
Fixed In 1.62 - Disclosure date
- 2011-11-30