WordPress Plugin Vulnerabilities

GD Star Rating 1.9.22 - SQL Injection

Description

The gd-star-rating WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
gd-star-rating
No known fix

References

CVE
CVE-2014-2839
URL
https://packetstormsecurity.com/files/#125932/
URL
https://seclists.org/fulldisclosure/2014/Mar/399

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
de35c613-ff34-4667-a674-89de3041ae73

Timeline

Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2024-04-05
Title
LearnPress Export Import < 4.0.4 - Authenticated (Administrator+) SQL Injection
Published
2024-03-28
Title
WP ERP < 1.30.0 - Authenticated (Accounting Manager+) SQL Injection via id
Published
2021-07-24
Title
Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection
Published
2021-11-01
Title
Email Before Download < 6.8 - Admin+ SQL Injection
Published
2014-08-01
Title
Eventify - Simple Events <= 1.7.f - SQL Injection