CVE-2024-11977 – kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-11977
The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-4642 – kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
https://notcve.org/view.php?id=CVE-2023-4642
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition. The kk Star Ratings plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 5.4.5. This is due to insufficient controls and checks on a user voting. This makes it possible for unauthenticated attackers to provide ratings more than a single time. • https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-46639 – kk Star Ratings <= 5.4.5 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-46639
The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. The exact impact of this vulnerability is unknown. • CWE-862: Missing Authorization •
CVE-2023-36528 – WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36528
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects kk Star Ratings: from n/a through 5.4.3. The kk Star Ratings plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.4.3. This is due to the plugin prioritizing obtaining a visitor's IP address from a spoofable HTTP header over PHP's REMOTE_ADDR. Attackers can supply a header with a different IP Address that can be used to bypass the 'Unique votes (based on IP Address)' setting. • https://patchstack.com/database/wordpress/plugin/kk-star-ratings/vulnerability/wordpress-kk-star-ratings-plugin-5-4-3-rate-manipulation-due-to-ip-spoofing-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2020-35438
https://notcve.org/view.php?id=CVE-2020-35438
Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5. • https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md#415---2020-12-13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •