Vulnerabilities and security researches forgd-rating-system gd-rating-system

Jun 07, 2024

CVE, Research URL: CVE-2018-5288
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
Affected versions: max 2.4.
Status: vulnerable

CVE, Research URL: CVE-2018-5286
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
Affected versions: max 2.4.
Status: vulnerable

CVE, Research URL: CVE-2018-5289
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
Affected versions: max 2.4.
Status: vulnerable

CVE, Research URL: CVE-2018-5290
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
Affected versions: max 2.4.
Status: vulnerable

CVE, Research URL: CVE-2024-25093
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Feb 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.This issue affects GD Rating System: from n/a through 3.5.
Affected versions: max 3.5.1.
Status: vulnerable

CVE, Research URL: CVE-2018-5291
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
Affected versions: max 2.4.
Status: vulnerable

CVE, Research URL: CVE-2018-5293
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
Affected versions: max 3.5.1.
Status: vulnerable

CVE, Research URL: CVE-2017-18591
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Aug 27, 2019
Research Description: The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
Affected versions: max 2.1.
Status: vulnerable

CVE, Research URL: CVE-2018-5287
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
Affected versions: max 2.4.
Status: vulnerable

CVE, Research URL: CVE-2018-5292
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jan 08, 2018
Research Description: The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
Affected versions: max 2.4.
Status: vulnerable

Jul 14, 2024

CVE, Research URL: CVE-2024-38709
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Jul 12, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion.This issue affects GD Rating System: from n/a through 3.6.
Affected versions: max 3.6.1.
Status: vulnerable

Nov 20, 2024

CVE, Research URL: CVE-2024-11198
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: Nov 19, 2024
Research Description: The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.6.2.
Status: vulnerable

May 07, 2026

CVE, Research URL: CVE-2026-42639
Home page URL: Security reports for GD Rating System
Application: GD Rating System
Date: -
Research Description: GD Rating System [gd-rating-system] < 3.7 CVE-2026-42639
Affected versions: max 3.7.
Status: vulnerable