Cross-Site Scripting in GD Rating System Plugin for WordPress

CVE-2018-5286

What is CVE-2018-5286?

The GD Rating System plugin version 2.3 for WordPress contains a cross-site scripting vulnerability. This flaw allows attackers to inject malicious scripts via the wp-admin/admin.php panel's parameter for the gd-rating-system-about page. Exploiting this vulnerability could enable unauthorized access to sensitive information or lead to further attacks on users visiting affected websites. Website administrators utilizing this plugin should take immediate steps to apply necessary updates and secure their systems against such threats.

References