Description

WordPress Plugin kk Star Ratings is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin kk Star Ratings version 1.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.7.2 or latest

References

https://wordpress.org/support/topic/plugin-kk-star-ratings-improve-code-security

http://secunia.com/advisories/49537/

Related Vulnerabilities

Joomla! Core Local File Inclusion (2.5.0 - 3.8.8)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Directory Traversal (3.1.4)

WordPress Plugin Registrations for the Events Calendar-Event Registration Cross-Site Scripting (2.7.9)

WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5)

WordPress Plugin DELUCKS SEO Unspecified Vulnerability (1.2.2)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update File Inclusion