Arbitrary Shortcode Execution Vulnerability in kk Star Ratings Plugin for WordPress
CVE-2024-11977
7.3 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 21 December 2024
Summary
CVE-2024-11977 is a high-severity vulnerability in the kk Star Ratings plugin for WordPress that allows unauthenticated attackers to execute arbitrary shortcodes. The flaw stems from missing validation of a value the plugin uses when handling the action to execute, and it affects all versions up to and including 5.4.10. Successful exploitation could let an attacker manipulate site content or trigger unauthorized actions, putting user data at risk. Site owners running this plugin should update to a patched version without delay.
Affected Version(s)
kk Star Ratings – Rate Post & Collect User Feedbacks: all versions <= 5.4.10
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability reserved
Credit
Michael Mazzolini