Yet Another Stars Rating Project: Security Vulnerabilities
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.
CVSS Score
3.7
EPSS Score
0.002
Published
2023-11-30
Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'.
CVSS Score
4.7
EPSS Score
0.002
Published
2022-02-04
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
CVSS Score
8.8
EPSS Score
0.009
Published
2019-10-10