Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stars rating project stars rating vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-24893
The Stars Rating WordPress plugin prior to 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated.
Stars Rating Project Stars Rating
4.3
CVSSv2
CVE-2022-23980
Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'.
Yet Another Stars Rating Project Yet Another Stars Rating
7.5
CVSSv2
CVE-2022-0657
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin prior to 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthen...
5 Stars Rating Funnel Project 5 Stars Rating Funnel
6.5
CVSSv2
CVE-2015-9465
The yet-another-stars-rating plugin prior to 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
Yet Another Stars Rating Project Yet Another Stars Rating
NA
CVE-2023-37867
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a up to and including 3.3.8.
Yet Another Stars Rating Project Yet Another Stars Rating
NA
CVE-2022-40699
Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin <= 3.1.2 versions.
Yasr - Yet Another Stars Rating Project Yasr - Yet Another Stars Rating
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started