Vulnerability Details CVE-2015-9465
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://cinu.pl/research/wp-plugins/mail_041b796c7533880df03a43895fed5f00.html
- https://wordpress.org/plugins/yet-another-stars-rating/#developers
- https://wpvulndb.com/vulnerabilities/8309
- http://cinu.pl/research/wp-plugins/mail_041b796c7533880df03a43895fed5f00.html
- https://wordpress.org/plugins/yet-another-stars-rating/#developers
- https://wpvulndb.com/vulnerabilities/8309
Products affected by CVE-2015-9465
-
cpe:2.3:a:yet_another_stars_rating_project:yet_another_stars_rating:-