|Impact:||Cross-site Scripting (XSS)|
|Software:||WordPress GD Star Rating Plugin 1.x , vulnerable versions: <=1.9.7
An input validation error exists in wp-content/plugins/gd-star-rating/widgets/widget_top.php while processing the data passed to the parameter "wpfn". A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary html and scripting code in user`s browser in context of a vulnerable website.
Further exploitation of this vulnerability may result in stealing potentially sensitive to the user information, such as cookies, or disguising the information presented on the website.