
CVSS: 4.0 | EPSS: 0% | CPEs: 65 | EXPL: 0

A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely.

• https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132
• https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a
• https://github.com/wp-plugins/wp-postratings/releases/tag/1.65
• https://vuldb.com/?ctiid.259629
• https://vuldb.com/?id.259629
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress. The WP-PostRatings plugin for WordPress is vulnerable to Race Condition in versions up to, and including, 1.89. This can lead to unpredictable post rating changes when certain conditions are met.

• https://patchstack.com/database/vulnerability/wp-postratings/wordpress-wp-postratings-plugin-1-89-rating-increase-decrease-via-race-condition-vulnerability/_s_id=cve
• https://wordpress.org/plugins/wp-postratings/#developers
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.

• https://wpscan.com/vulnerability/d2d9a789-edae-4ae1-92af-e6132db7efcd
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-352: Cross-Site Request Forgery (CSRF)