GD Star Rating Plugin for WordPress 'export.php' Authentication Bypass Information Disclosure

medium Nessus Plugin ID 65704

Synopsis

The remote web server contains a PHP script that is affected by an information disclosure vulnerability caused by an authentication bypass.

Description

The GD Star Rating Plugin for WordPress installed on the remote host is affected by an information disclosure vulnerability caused by an authentication bypass.
The 'plugins/gd-star-rating/export.php' script fails to properly verify user authentication, which allows a remote attacker to access restricted functions and gain access to potentially sensitive information.

Solution

Upgrade to version 1.9.19 or later.

See Also

http://www.nessus.org/u?adba423d

https://wordpress.org/plugins/flash-album-gallery/#changelog

Plugin Details

Severity: Medium

ID: 65704

File Name: wordpress_gd_star_rating_information_disclosure.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 3/27/2013

Updated: 6/4/2024

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/24/2012

Vulnerability Publication Date: 7/24/2012

Reference Information

BID: 54666