CVE-2011-10006

GamerZ WP-PostRatings wp-postratings.php cross site scripting

CVSS 3.5 LOWEPSS 0.4%CWE-79

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

08 abr 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Productos afectados

GamerZ · WP-PostRatings

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132 https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a https://github.com/wp-plugins/wp-postratings/releases/tag/1.65 https://vuldb.com/?ctiid.259629 https://vuldb.com/?id.259629