Search criteria
12 vulnerabilities found for rate_my_post by blazzdev
FKIE_CVE-2023-51667
Vulnerability from fkie_nvd - Published: 2024-06-04 13:15 - Updated: 2025-05-29 20:21
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Summary
Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post – WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blazzdev | rate_my_post | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blazzdev:rate_my_post:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4C35A52B-7B8D-44CA-BA7F-CB9F26833397",
"versionEndExcluding": "3.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante falsificaci\u00f3n en FeedbackWP Rate my Post \u2013 WP Rating System permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a Rate my Post \u2013 WP Rating System: desde n/a hasta 3.4.2."
}
],
"id": "CVE-2023-51667",
"lastModified": "2025-05-29T20:21:02.553",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T13:15:50.500",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-32823
Vulnerability from fkie_nvd - Published: 2024-04-24 11:15 - Updated: 2025-06-09 21:07
Severity ?
Summary
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blazzdev | rate_my_post | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blazzdev:rate_my_post:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C68E10B8-C977-494C-92BF-E9CD1E5B34B8",
"versionEndExcluding": "3.4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.4.\n\n"
},
{
"lang": "es",
"value": "Omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una vulnerabilidad de clave controlada por el usuario en FFeedbackWP Rate my Post \u2013 WP Rating System. Este problema afecta Calificar mi publicaci\u00f3n \u2013 WP Rating System: desde n/a hasta 3.4.4."
}
],
"id": "CVE-2024-32823",
"lastModified": "2025-06-09T21:07:22.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
},
"published": "2024-04-24T11:15:48.320",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-plugin-3-4-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-plugin-3-4-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-49765
Vulnerability from fkie_nvd - Published: 2023-12-21 19:15 - Updated: 2024-11-21 08:33
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blazzdev | rate_my_post | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blazzdev:rate_my_post:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8F9A458F-EA93-452F-9E27-8DEE6203738D",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en Blaz K. Rate my Post \u2013 WP Rating System. Este problema afecta a Rate my Post \u2013 WP Rating System: desde n/a hasta 3.4.1."
}
],
"id": "CVE-2023-49765",
"lastModified": "2024-11-21T08:33:47.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T19:15:12.173",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-4673
Vulnerability from fkie_nvd - Published: 2023-01-23 15:15 - Updated: 2025-04-02 16:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blazzdev | rate_my_post | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blazzdev:rate_my_post:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1D13F924-CC88-4B1F-9AA4-5CF6A6CC65D9",
"versionEndExcluding": "3.3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack."
},
{
"lang": "es",
"value": "El complemento Rate my Post de WordPress anterior a 3.3.9 no valida ni escapa uno de sus atributos de c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como colaborador realizar un ataque de cross-site scripting almacenado."
}
],
"id": "CVE-2022-4673",
"lastModified": "2025-04-02T16:15:28.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-23T15:15:16.050",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified"
}
CVE-2023-51667 (GCVE-0-2023-51667)
Vulnerability from cvelistv5 – Published: 2024-06-04 12:29 – Updated: 2024-08-02 22:40
VLAI?
Title
WordPress Rate my Post – WP Rating System plugin <= 3.4.2 - Broken Access Control vulnerability
Summary
Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post – WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.2.
Severity ?
5.3 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FeedbackWP | Rate my Post – WP Rating System |
Affected:
n/a , ≤ 3.4.2
(custom)
|
Credits
Brandon Roldan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T14:50:42.392234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:36.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:34.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rate-my-post",
"product": "Rate my Post \u2013 WP Rating System",
"vendor": "FeedbackWP",
"versions": [
{
"changes": [
{
"at": "3.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.2.\u003c/p\u003e"
}
],
"value": "Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.2."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T12:29:22.829Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.4.3 or a higher version."
}
],
"value": "Update to 3.4.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rate my Post \u2013 WP Rating System plugin \u003c= 3.4.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51667",
"datePublished": "2024-06-04T12:29:22.829Z",
"dateReserved": "2023-12-21T14:51:15.759Z",
"dateUpdated": "2024-08-02T22:40:34.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32823 (GCVE-0-2024-32823)
Vulnerability from cvelistv5 – Published: 2024-04-24 10:16 – Updated: 2024-08-02 02:20
VLAI?
Title
WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4.
Severity ?
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FeedbackWP | Rate my Post – WP Rating System |
Affected:
n/a , ≤ 3.4.4
(custom)
|
Credits
Kyle Sanchez (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:37:09.754021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:37:20.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-plugin-3-4-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rate-my-post",
"product": "Rate my Post \u2013 WP Rating System",
"vendor": "FeedbackWP",
"versions": [
{
"changes": [
{
"at": "3.4.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kyle Sanchez (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System.\u003cp\u003eThis issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.4.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.4.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T10:16:42.624Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-plugin-3-4-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.4.5 or a higher version."
}
],
"value": "Update to 3.4.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rate My Post plugin \u003c= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32823",
"datePublished": "2024-04-24T10:16:42.624Z",
"dateReserved": "2024-04-18T10:16:48.294Z",
"dateUpdated": "2024-08-02T02:20:35.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49765 (GCVE-0-2023-49765)
Vulnerability from cvelistv5 – Published: 2023-12-21 18:29 – Updated: 2024-08-02 22:01
VLAI?
Title
WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR)
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.
Severity ?
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Blaz K. | Rate my Post – WP Rating System |
Affected:
n/a , ≤ 3.4.1
(custom)
|
Credits
Revan Arifio (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rate-my-post",
"product": "Rate my Post \u2013 WP Rating System",
"vendor": "Blaz K.",
"versions": [
{
"changes": [
{
"at": "3.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Revan Arifio (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.\u003cp\u003eThis issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T18:29:59.743Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;3.4.2 or a higher version."
}
],
"value": "Update to\u00a03.4.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rate my Post \u2013 WP Rating System Plugin \u003c= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49765",
"datePublished": "2023-12-21T18:29:59.743Z",
"dateReserved": "2023-11-30T13:22:27.402Z",
"dateUpdated": "2024-08-02T22:01:25.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4673 (GCVE-0-2022-4673)
Vulnerability from cvelistv5 – Published: 2023-01-23 14:31 – Updated: 2025-04-02 15:18
VLAI?
Title
Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode
Summary
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Rate my Post |
Affected:
0 , < 3.3.9
(custom)
|
Credits
Lana Codes
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:39.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4673",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:15:37.039486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:18:26.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Rate my Post",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.3.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-23T14:31:30.667Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rate my Post \u2013 WP Rating System \u003c 3.3.9 - Contributor+ Stored XSS via Shortcode",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4673",
"datePublished": "2023-01-23T14:31:30.667Z",
"dateReserved": "2022-12-23T03:24:06.671Z",
"dateUpdated": "2025-04-02T15:18:26.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51667 (GCVE-0-2023-51667)
Vulnerability from nvd – Published: 2024-06-04 12:29 – Updated: 2024-08-02 22:40
VLAI?
Title
WordPress Rate my Post – WP Rating System plugin <= 3.4.2 - Broken Access Control vulnerability
Summary
Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post – WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.2.
Severity ?
5.3 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FeedbackWP | Rate my Post – WP Rating System |
Affected:
n/a , ≤ 3.4.2
(custom)
|
Credits
Brandon Roldan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T14:50:42.392234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:36.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:34.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rate-my-post",
"product": "Rate my Post \u2013 WP Rating System",
"vendor": "FeedbackWP",
"versions": [
{
"changes": [
{
"at": "3.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.2.\u003c/p\u003e"
}
],
"value": "Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.2."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T12:29:22.829Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.4.3 or a higher version."
}
],
"value": "Update to 3.4.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rate my Post \u2013 WP Rating System plugin \u003c= 3.4.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-51667",
"datePublished": "2024-06-04T12:29:22.829Z",
"dateReserved": "2023-12-21T14:51:15.759Z",
"dateUpdated": "2024-08-02T22:40:34.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32823 (GCVE-0-2024-32823)
Vulnerability from nvd – Published: 2024-04-24 10:16 – Updated: 2024-08-02 02:20
VLAI?
Title
WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4.
Severity ?
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FeedbackWP | Rate my Post – WP Rating System |
Affected:
n/a , ≤ 3.4.4
(custom)
|
Credits
Kyle Sanchez (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:37:09.754021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:37:20.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-plugin-3-4-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rate-my-post",
"product": "Rate my Post \u2013 WP Rating System",
"vendor": "FeedbackWP",
"versions": [
{
"changes": [
{
"at": "3.4.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kyle Sanchez (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System.\u003cp\u003eThis issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.4.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.4.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T10:16:42.624Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-plugin-3-4-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.4.5 or a higher version."
}
],
"value": "Update to 3.4.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rate My Post plugin \u003c= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32823",
"datePublished": "2024-04-24T10:16:42.624Z",
"dateReserved": "2024-04-18T10:16:48.294Z",
"dateUpdated": "2024-08-02T02:20:35.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49765 (GCVE-0-2023-49765)
Vulnerability from nvd – Published: 2023-12-21 18:29 – Updated: 2024-08-02 22:01
VLAI?
Title
WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR)
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.
Severity ?
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Blaz K. | Rate my Post – WP Rating System |
Affected:
n/a , ≤ 3.4.1
(custom)
|
Credits
Revan Arifio (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "rate-my-post",
"product": "Rate my Post \u2013 WP Rating System",
"vendor": "Blaz K.",
"versions": [
{
"changes": [
{
"at": "3.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Revan Arifio (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.\u003cp\u003eThis issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post \u2013 WP Rating System.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T18:29:59.743Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;3.4.2 or a higher version."
}
],
"value": "Update to\u00a03.4.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Rate my Post \u2013 WP Rating System Plugin \u003c= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49765",
"datePublished": "2023-12-21T18:29:59.743Z",
"dateReserved": "2023-11-30T13:22:27.402Z",
"dateUpdated": "2024-08-02T22:01:25.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4673 (GCVE-0-2022-4673)
Vulnerability from nvd – Published: 2023-01-23 14:31 – Updated: 2025-04-02 15:18
VLAI?
Title
Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode
Summary
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Rate my Post |
Affected:
0 , < 3.3.9
(custom)
|
Credits
Lana Codes
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:39.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4673",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:15:37.039486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:18:26.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Rate my Post",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.3.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-23T14:31:30.667Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/1c4f379d-252a-487b-81c9-bf711ab71dff"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rate my Post \u2013 WP Rating System \u003c 3.3.9 - Contributor+ Stored XSS via Shortcode",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4673",
"datePublished": "2023-01-23T14:31:30.667Z",
"dateReserved": "2022-12-23T03:24:06.671Z",
"dateUpdated": "2025-04-02T15:18:26.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}