Vulnerabilities and security researches forgd-rating-system gd-rating-system
Direction: ascendingJun 07, 2024
GD Rating System # CVE-2018-5288
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
GD Rating System # CVE-2018-5286
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
GD Rating System # CVE-2018-5289
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
GD Rating System # CVE-2018-5290
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
GD Rating System # CVE-2024-25093
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 29, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.This issue affects GD Rating System: from n/a through 3.5.
- Affected versions
-
max 3.5.1.
- Status
-
vulnerable
GD Rating System # CVE-2018-5291
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
GD Rating System # CVE-2018-5293
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
GD Rating System # CVE-2017-18591
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 27, 2019
- Research Description
- The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
- Affected versions
-
max 2.1.
- Status
-
vulnerable
GD Rating System # CVE-2018-5287
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
GD Rating System # CVE-2018-5292
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2018
- Research Description
- The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
- Affected versions
-
max 2.4.
- Status
-
vulnerable
Jul 14, 2024
GD Rating System # CVE-2024-38709
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 12, 2024
- Research Description
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion.This issue affects GD Rating System: from n/a through 3.6.
- Affected versions
-
max 3.6.1.
- Status
-
vulnerable
Nov 20, 2024
GD Rating System # CVE-2024-11198
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 19, 2024
- Research Description
- The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 3.6.2.
- Status
-
vulnerable
May 07, 2026
GD Rating System # CVE-2026-42639
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- GD Rating System [gd-rating-system] < 3.7 CVE-2026-42639
- Affected versions
-
max 3.7.
- Status
-
vulnerable
Jun 15, 2026
GD Rating System # 65d953509fcb30ba0d8ea390f36d7752b1102217
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2024
- Research Description
- GD Rating System [gd-rating-system] < 3.5.1 GD Rating System <= 3.5.0 - Unauthenticated Stored Cross-Site Scripting via IP The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via IP Address values in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 3.5.1.
- Status
-
vulnerable
GD Rating System # 06d3bc8afd63b0abab70e29535ea8808322e7ce7
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 08, 2024
- Research Description
- GD Rating System [gd-rating-system] < 3.5.1 WordPress GD Rating System Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS) Update the WordPress GD Rating System plugin to the latest available version (at least 3.5.1). WordFence discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress GD Rating System Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.5.1. Have additional information or questions about this entry? Get in touch.
- Affected versions
-
max 3.5.1.
- Status
-
vulnerable
Jul 10, 2026
GD Rating System # CVE-2026-57771
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- GD Rating System [gd-rating-system] <= 3.7 (unfixed) CVE-2026-57771
- Affected versions
-
max 3.7.
- Status
-
vulnerable