Cross-Site Scripting in GD Rating System Plugin for WordPress
CVE-2018-5286

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Gd Rating System
Vendor
CVE Published:
8 January 2018

Summary

The GD Rating System plugin version 2.3 for WordPress contains a cross-site scripting vulnerability. This flaw allows attackers to inject malicious scripts via the wp-admin/admin.php panel's parameter for the gd-rating-system-about page. Exploiting this vulnerability could enable unauthorized access to sensitive information or lead to further attacks on users visiting affected websites. Website administrators utilizing this plugin should take immediate steps to apply necessary updates and secure their systems against such threats.

References

https://wpvulndb.com/vulnerabilities/8995
x_refsource_MISC
https://github.com/d4wner/Vulnerabilities-Report/blob/mas...
x_refsource_MISC
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-l...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.