
Cross-site Scripting Vulnerability in WordPress GD Star Rating Plugin | Juno_okyo's Blog
Vector: Remote
Severity: Low
Patch: Unpatched
Impact: Cross-site Scripting (XSS)
Software: WordPress GD Star Rating Plugin 1.x, vulnerable versions: <=1.9.7
A cross-site scripting (XSS) vulnerability has been discovered in the WordPress GD Star Rating Plugin.
An input validation error exists in wp-content/plugins/gd-star-rating/widgets/widget_top.php when it processes data passed to the "wpfn" parameter. A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Further exploitation of this vulnerability may result in the theft of potentially sensitive user information, such as cookies, or in disguising the information presented on the website.
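
Because the advisory lists the issue as unpatched, one defensive check is to search web server access logs for requests to the affected file whose "wpfn" value contains HTML metacharacters. The following is an added example, not code from the advisory or the plugin; the log format, the sample entries and the set of flagged characters are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Path and parameter name come from the advisory; everything else is assumed.
VULN_PATH = "/wp-content/plugins/gd-star-rating/widgets/widget_top.php"
PARAM = "wpfn"
# Characters that let a reflected value break out of HTML text or attributes.
HTML_META = re.compile(r"[<>\"'`]")
# Request field of a common/combined access-log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_wpfn(target):
    """Return the decoded wpfn value if it holds HTML metacharacters, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(VULN_PATH):
        return None
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM and HTML_META.search(fully_decode(raw)):
            return fully_decode(raw)
    return None

def scan(log_lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        value = suspicious_wpfn(m.group("target")) if m else None
        if value is not None:
            hits.append((lineno, value))
    return hits

# Constructed sample entries (not real traffic); <b> stands in for any markup.
SAMPLE_LOG = [
    f'203.0.113.5 - - [01/Jan/2015:10:00:00 +0000] "GET {VULN_PATH}?wpfn=widget-top HTTP/1.1" 200 512',
    f'203.0.113.9 - - [01/Jan/2015:10:01:00 +0000] "GET /blog{VULN_PATH}?wpfn=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    f'198.51.100.7 - - [01/Jan/2015:10:02:00 +0000] "GET {VULN_PATH}?wpfn=%253Cb%253E HTTP/1.1" 200 530',
    '198.51.100.7 - - [01/Jan/2015:10:03:00 +0000] "GET /index.php?wpfn=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: wpfn={value!r}")
```

Access logs normally record only the query string, so a value sent in a request body would not be visible to this check.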

Leader at J2TEAM. Website: https://j2team.dev/
