We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2011-10006

GamerZ WP-PostRatings wp-postratings.php cross site scripting



AssignerVulDB
Reserved2024-04-07
Published2024-04-08
Updated2024-08-07

Description

EN DE

A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.

Es wurde eine Schwachstelle in GamerZ WP-PostRatings bis 1.64 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei wp-postratings.php. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Ein Aktualisieren auf die Version 1.65 vermag dieses Problem zu lösen. Der Patch wird als 6182a5682b12369ced0becd3b505439ce2eb8132 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.



LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
LOW: 3.5CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.0CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

Product status

1.0
affected

1.1
affected

1.2
affected

1.3
affected

1.4
affected

1.5
affected

1.6
affected

1.7
affected

1.8
affected

1.9
affected

1.10
affected

1.11
affected

1.12
affected

1.13
affected

1.14
affected

1.15
affected

1.16
affected

1.17
affected

1.18
affected

1.19
affected

1.20
affected

1.21
affected

1.22
affected

1.23
affected

1.24
affected

1.25
affected

1.26
affected

1.27
affected

1.28
affected

1.29
affected

1.30
affected

1.31
affected

1.32
affected

1.33
affected

1.34
affected

1.35
affected

1.36
affected

1.37
affected

1.38
affected

1.39
affected

1.40
affected

1.41
affected

1.42
affected

1.43
affected

1.44
affected

1.45
affected

1.46
affected

1.47
affected

1.48
affected

1.49
affected

1.50
affected

1.51
affected

1.52
affected

1.53
affected

1.54
affected

1.55
affected

1.56
affected

1.57
affected

1.58
affected

1.59
affected

1.60
affected

1.61
affected

1.62
affected

1.63
affected

1.64
affected

Timeline

2011-02-17:Advisory disclosed
2011-02-17:Countermeasure disclosed
2024-04-07:VulDB entry created
2024-04-07:VulDB entry last update

Credits

VulDB GitHub Commit Analyzer tool

References

https://vuldb.com/?id.259629 (VDB-259629 | GamerZ WP-PostRatings wp-postratings.php cross site scripting) vdb-entry

https://vuldb.com/?ctiid.259629 (VDB-259629 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a patch

https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132 patch

https://github.com/wp-plugins/wp-postratings/releases/tag/1.65 patch

cve.org CVE-2011-10006

nvd.nist.gov CVE-2011-10006

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2011-10006
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.