SQL Injection Vulnerability in WP-PostRatings Plugin Affects WordPress
CVE-2011-4646

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 30 November 2011

What is CVE-2011-4646?

The WP-PostRatings plugin for WordPress contains a SQL injection vulnerability in the wp-postratings.php file. It permits remote authenticated users with the Author role to execute arbitrary SQL commands through the 'id' attribute of the ratings shortcode while creating or editing posts. The vulnerability affects versions 1.50, 1.61, and potentially earlier releases prior to 1.62. It poses significant risk because it allows manipulation of the underlying database, which can lead to unauthorized access and data exposure.
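Because the injection point is the 'id' attribute of the ratings shortcode in post content, stored posts can be audited for shortcodes whose id is not a plain integer. The following is an added example, not code from the plugin or from this advisory; it assumes the shortcode is written as `[ratings id="..."]` and that post content has been exported as `(post_id, author, content)` tuples, and the sample posts are constructed.

```python
import re

# Assumed shortcode syntax: [ratings ...attributes...]
SHORTCODE_RE = re.compile(r"\[ratings\b([^\]]*)\]", re.IGNORECASE)
# id attribute in double quotes, single quotes, or unquoted
ID_ATTR_RE = re.compile(
    r'''(?<![\w-])id\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))''', re.IGNORECASE
)
# A legitimate post id is ASCII digits only
SAFE_ID_RE = re.compile(r"\A[0-9]{1,20}\Z")


def audit_post(post_id, author, content):
    """Return one finding per ratings shortcode whose id is not an integer."""
    findings = []
    for sc in SHORTCODE_RE.finditer(content):
        m = ID_ATTR_RE.search(sc.group(1))
        if m is None:
            continue  # no id attribute present, nothing to check
        value = next(g for g in m.groups() if g is not None)
        if not SAFE_ID_RE.match(value):
            findings.append({"post_id": post_id, "author": author,
                             "shortcode": sc.group(0), "id_value": value})
    return findings


def audit_all(posts):
    """Audit an iterable of (post_id, author, content) tuples."""
    findings = []
    for post_id, author, content in posts:
        findings.extend(audit_post(post_id, author, content))
    return findings


# Constructed sample data, not taken from a real site
SAMPLE_POSTS = [
    (101, "alice", 'Intro text [ratings id="101"] outro'),
    (102, "bob", "Compare [ratings id=55] and [ratings id='12 AND constructed']"),
    (103, "carol", "No shortcode here, id=abc is just prose"),
    (104, "bob", '[ratings id=""]'),
]

if __name__ == "__main__":
    for f in audit_all(SAMPLE_POSTS):
        print(f"post {f['post_id']} by {f['author']}: {f['shortcode']!r}")
```

A finding identifies the post and its author for review; the fix itself is upgrading the plugin to 1.62 or later.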
