Skip to main content

Cross-site Scripting Vulnerability in WordPress GD Star Rating Plugin

Vector: Remote
Severity: Low
Patch: Unpatched
Impact: Cross-site Scripting (XSS)
Software: WordPress GD Star Rating Plugin 1.x , vulnerable versions: <=1.9.7
A cross-site scripting (XSS) vulnerability has been discovered in WordPress GD Star Rating Plugin.
An input validation error exists in wp-content/plugins/gd-star-rating/widgets/widget_top.php while processing the data passed to the parameter "wpfn". A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary html and scripting code in user`s browser in context of a vulnerable website.
Further exploitation of this vulnerability may result in stealing potentially sensitive to the user information, such as cookies, or disguising the information presented on the website.

Demo:
Click here to view!

Share this with your friends
Loading...