SQL Injection Vulnerability in WP-PostRatings Plugin Affects WordPress
CVE-2011-4646

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 30 November 2011

What is CVE-2011-4646?

The WP-PostRatings plugin for WordPress contains a SQL injection vulnerability in the wp-postratings.php file. It permits remote authenticated users with the Author role to execute arbitrary SQL commands through the 'id' attribute of the ratings shortcode while creating or editing posts. The vulnerability affects versions 1.50 and 1.61, and potentially earlier releases before 1.62. It poses significant risk because it allows manipulation of the underlying database, which can lead to unauthorized access and data exposure.
