CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 1.9.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.

• http://seclists.org/fulldisclosure/2014/Mar/399
• http://secunia.com/advisories/57667
• https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92156
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in the GD Star Rating plugin 1.9.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.

• http://seclists.org/fulldisclosure/2014/Mar/399
• https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92156
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')