Description

WordPress Plugin kk Star Ratings is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin kk Star Ratings version 1.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.7.2 or latest

References

https://wordpress.org/support/topic/plugin-kk-star-ratings-improve-code-security

http://secunia.com/advisories/49537/

Related Vulnerabilities

WordPress Plugin Titan Framework Cross-Site Scripting (1.7.5)

WordPress Plugin Ultimate Instagram Feed Cross-Site Scripting (1.2)

WordPress Plugin Backlink Rechecker Multiple Cross-Site Scripting Vulnerabilities (1.2.1)

Joomla! Core 3.9.x CSV Injection (3.9.0 - 3.9.6)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.2.7)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update File Inclusion