Skip to main content

Cross-site Scripting Vulnerability in WordPress GD Star Rating Plugin

Vector: Remote
Severity: Low
Patch: Unpatched
Impact: Cross-site Scripting (XSS)
Software: WordPress GD Star Rating Plugin 1.x , vulnerable versions: <=1.9.7
A cross-site scripting (XSS) vulnerability has been discovered in WordPress GD Star Rating Plugin.
An input validation error exists in wp-content/plugins/gd-star-rating/widgets/widget_top.php while processing the data passed to the parameter "wpfn". A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary html and scripting code in user`s browser in context of a vulnerable website.
Further exploitation of this vulnerability may result in stealing potentially sensitive to the user information, such as cookies, or disguising the information presented on the website.

Click here to view!