CSRF Vulnerabilities in GD Star Rating Plugin for WordPress
CVE-2014-2838
Currently unrated
Summary
The GD Star Rating plugin version 19.22 for WordPress is affected by multiple cross-site request forgery (CSRF) vulnerabilities. They allow remote attackers to hijack an administrator's authentication for forged requests that carry out SQL injection via the 's' parameter on the gd-star-rating-stats page in wp-admin/admin.php, or cross-site scripting (XSS) through other unspecified vectors. This poses a significant risk to WordPress sites using this plugin, so site administrators should prioritize applying a patched update.