First published: Tue Jan 16 2024(Updated: )
The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lesterchan Wp-postratings | <1.86.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.