CVE-2011-4646
WP-PostRatings <= 1.61 - SQL Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
Vulnerabilidad de inyección SQL en wp-postratings.php del complemento WP-PostRatings 1.50, 1.61 y problablemente otras versiones anteriores a la 1.62 de WordPress. Permite a usuarios remotos autenticados con el perfil de autor ejecutar comandos SQL de su elección a través del atributo id del código de evaluación ("ratings shortcode") al crear un post. NOTA: algunos de estos detalles han sido obtenidos de información procedente de terceras partes.
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-10-06 CVE Published
- 2011-11-30 CVE Reserved
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://wordpress.org/extend/plugins/wp-postratings/changelog | X_refsource_confirm | |
| http://www.securityfocus.com/bid/49986 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/46328 | 2011-12-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lesterchan Search vendor "Lesterchan" | Wp-postratings Search vendor "Lesterchan" for product "Wp-postratings" | 1.50 Search vendor "Lesterchan" for product "Wp-postratings" and version "1.50" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| Lesterchan Search vendor "Lesterchan" | Wp-postratings Search vendor "Lesterchan" for product "Wp-postratings" | 1.61 Search vendor "Lesterchan" for product "Wp-postratings" and version "1.61" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|