Vulnerability Description
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dev4Press | Gd Star Rating | 19.22 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Mar/399
- https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-ra
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92156
- http://seclists.org/fulldisclosure/2014/Mar/399
- https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-ra
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92156
FAQ
What is CVE-2014-2839?
CVE-2014-2839 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-a...
How severe is CVE-2014-2839?
CVE-2014-2839 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2839?
Check the references section above for vendor advisories and patch information. Affected products include: Dev4Press Gd Star Rating.