Vulnerabilities and security researches forkk-star-ratings kk-star-ratings

Jun 07, 2024

CVE, Research URL: CVE-2023-4642
Home page URL: Security reports for kk Star Ratings – Rate Post & Collect User Feedbacks
Application: kk Star Ratings – Rate Post & Collect User Feedbacks
Date: Nov 27, 2023
Research Description: The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
Affected versions: max 5.4.6.
Status: vulnerable

CVE, Research URL: 20047d47abf2358179583e4256217c6ce0bc75d3
Home page URL: Security reports for kk Star Ratings – Rate Post & Collect User Feedbacks
Application: kk Star Ratings – Rate Post & Collect User Feedbacks
Date: Feb 28, 2022
Research Description: kk Star Ratings – Rate Post & Collect User Feedbacks [kk-star-ratings] < 5.2.9 WordPress kk Star Ratings plugin < 5.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress kk Star Ratings plugin (versions < 5.2.9).
Affected versions: max 5.2.9.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-46639
Home page URL: Security reports for kk Star Ratings – Rate Post & Collect User Feedbacks
Application: kk Star Ratings – Rate Post & Collect User Feedbacks
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5.
Affected versions: max 5.4.6.
Status: vulnerable

CVE, Research URL: CVE-2023-36528
Home page URL: Security reports for kk Star Ratings – Rate Post & Collect User Feedbacks
Application: kk Star Ratings – Rate Post & Collect User Feedbacks
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3.
Affected versions: max 5.4.4.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for kk Star Ratings – Rate Post & Collect User Feedbacks
Application: kk Star Ratings – Rate Post & Collect User Feedbacks
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 5.2.9.
Status: vulnerable

Dec 21, 2024

CVE, Research URL: CVE-2024-11977
Home page URL: Security reports for kk Star Ratings – Rate Post & Collect User Feedbacks
Application: kk Star Ratings – Rate Post & Collect User Feedbacks
Date: Dec 21, 2024
Research Description: The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: max 5.4.10.1.
Status: vulnerable