vulnerability

WordPress Plugin: yet-another-stars-rating: CVE-2023-39305: Missing Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Nov 27, 2023	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Nov 27, 2023

Added

May 15, 2025

Modified

May 15, 2025

Description

The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts.

Solution

yet-another-stars-rating-plugin-cve-2023-39305

References

URL-https://www.cve.org/CVERecord?id=CVE-2023-39305
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/395b016f-018c-458d-a585-34f3de3eae5c?source=api-prod
CVE-2023-39305
https://attackerkb.com/topics/CVE-2023-39305

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today