Vulnerabilities > Lesterchan > WP Postratings > 1.78

DATE CVE VULNERABILITY TITLE RISK
2024-08-01 CVE-2024-39659 Cross-site Scripting vulnerability in Lesterchan Wp-Postratings
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1.
network
low complexity
lesterchan CWE-79
5.4
5.4
2024-06-04 CVE-2023-40332 Authentication Bypass by Spoofing vulnerability in Lesterchan Wp-Postratings
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.
network
low complexity
lesterchan CWE-290
critical
 9.8
9.8
2024-01-16 CVE-2021-25117 Cross-Site Request Forgery (CSRF) vulnerability in Lesterchan Wp-Postratings
The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php).
network
low complexity
lesterchan CWE-352
4.8
4.8