CVE-2014-2838

Currently unrated

Key Information:

Vendor: Wordpress
Status: Gd Star Rating
Vendor: CVE Published:; 12 January 2015

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.

References

https://advisories.dxw.com/advisories/csrf-and-blind-sql-...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/92156

vdb-entryx_refsource_XF

http://secunia.com/advisories/57667

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 12, 2015
Vulnerability Reserved
Apr 10, 2014