CVE-2011-4646

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-postratings
Vendor: CVE Published:; 30 November 2011

Summary

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

References

http://plugins.trac.wordpress.org/changeset/430970/wp-pos...

x_refsource_CONFIRM

http://wordpress.org/extend/plugins/wp-postratings/change...

x_refsource_CONFIRM

http://secunia.com/advisories/46328

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 30, 2011