This host is running WordPress GD Star Rating Plugin and is prone to SQL injection vulnerability.

Successful exploitation will allow attacker to cause SQL Injection attack and gain sensitive information. Impact Level: Application

Upgrade to GD Star Rating Plugin version 1.9.9, For updates refer to http://wordpress.org/extend/plugins/gd-star-rating/ ***** NOTE: Exploit will work when nonce is disabled, by default it will be enabled. *****

The flaw is caused by improper validation of user-supplied input passed via the 'votes' parameter to /wp-content/plugins/gd-star-rating/ajax.php, which allows attacker to manipulate SQL queries by injecting arbitrary SQL code.

WordPress GD Star Rating Plugin version 1.9.8 and prior.

• http://downloads.securityfocus.com/vulnerabilities/exploits/48166.txt
• http://packetstormsecurity.org/files/view/102095/wpstarrating-sql.txt

---

Updated on 2015-03-25