Log out
Get PRO

Latest

Output validation vulnerability in Yasr – Yet Another Stars Rating 1.8.6

  • Severity: critical
  • Status: Fixed
  • Publication: January 27, 2019

The Yet Another Stars Rating plugin for WordPress is vulnerable to a type of cyber attack known as PHP Object Injection. This type of attack can happen if someone is using an older version of the plugin, up to and including version 1.8.6. The vulnerability is caused by a special type of code called “deserialization” which can be found in the yasr-shortcode-functions.php file. This type of code can be used by unauthenticated attackers to inject a PHP Object. If this happens, it can also allow the attackers to remotely execute arbitrary code on the affected system.

Detected in:

YASR – Yet Another Star Rating Plugin for WordPress fixed vulnerable versions:
Yasr – Yet Another Stars Rating fixed vulnerable versions: >= * <= 1.8.6

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.