Description
WordPress Plugin Comment Rating is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker could leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin Comment Rating version 2.9.20 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/51241/exploit
http://packetstormsecurity.com/files/108314/wpcommentrating-sqlxss.txt
Related Vulnerabilities
TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)
Oracle Database Server CVE-2006-0263 Vulnerability (CVE-2006-0263)
Joomla Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3227)
Drupal Other Vulnerability (CVE-2006-3570)
Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2021-32476)