SQL Injection Vulnerability in GD Star Rating Plugin for WordPress
CVE-2014-2839
Currently unrated
Summary
The GD Star Rating plugin version 19.22 for WordPress contains a SQL injection vulnerability that may allow remote administrators to execute unintended SQL commands. The flaw is reached through the 's' parameter of the gd-star-rating-stats page, which is served by wp-admin/admin.php. Attackers leveraging this vulnerability could manipulate database queries, potentially leading to unauthorized data access or manipulation.
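For defenders reviewing a site that ran the affected version, the following Python code is an added example (not part of the original advisory or of the plugin) that flags access-log requests to the gd-star-rating-stats page whose 's' value contains SQL syntax. It assumes combined-format access logs; the function name, the marker list and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic markers of SQL syntax in a search term (assumption: tune per site).
SQL_MARKERS = re.compile(
    r"(['`;]|--|/\*|\b(?:union|select|sleep|benchmark|information_schema)\b)",
    re.IGNORECASE,
)
# Request portion of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_s_values(log_lines):
    """Return (line_number, decoded 's' value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Only the admin entry point named in the advisory is of interest.
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if query.get("page") != ["gd-star-rating-stats"]:
            continue
        for value in query.get("s", []):  # parse_qs has already URL-decoded it
            if SQL_MARKERS.search(value):
                hits.append((number, value))
    return hits


# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin.php?page=gd-star-rating-stats&s=recipes HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin.php?page=gd-star-rating-stats&s=x%27+UNION+SELECT+1--+ HTTP/1.1" 200 7340',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin.php?page=other-page&s=o%27brien HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?s=select+a+plan HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_s_values(SAMPLE_LOG):
        print(f"line {number}: s={value!r}")
```

Access logs record only the query string, so an 's' value submitted in a POST body is not visible to this check. Because the request requires an administrator session, a hit also warrants a review of which admin account issued it.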
Timeline
Vulnerability published
Vulnerability Reserved