First published: Wed Nov 30 2011(Updated: )
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Lesterchan Wp-postratings | =1.50 | |
Lesterchan Wp-postratings | =1.61 | |
WordPress WordPress |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.