Detections
Analytics
GD Star Rating Plugin for WordPress 'export.php' Authentication Bypass Information Disclosure
medium Nessus Plugin ID 65704
Language:
Synopsis
The remote web server contains a PHP script that is affected by an authentication bypass information disclosure vulnerability.Description
The GD Star Rating Plugin for WordPress installed on the remote host is affected by a security bypass information disclosure vulnerability.The issue is triggered when the 'plugins/gd-star-rating/export.php' script fails to properly verify user authentication, which allows a remote attacker to access restricted functions and gain access to potentially sensitive information.
Solution
Upgrade to version 1.9.19 or later.See Also
http://www.nessus.org/u?adba423d
https://wordpress.org/plugins/flash-album-gallery/#changelog
Plugin Details
Severity: Medium
ID: 65704
File Name: wordpress_gd_star_rating_information_disclosure.nasl
Version: 1.10
Type: remote
Family: CGI abuses
Published: 3/27/2013
Updated: 6/4/2024
Supported Sensors: Nessus
Enable CGI Scanning: true
Vulnerability Information
CPE: cpe:/a:wordpress:wordpress
Required KB Items: installed_sw/WordPress, www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 7/24/2012
Vulnerability Publication Date: 7/24/2012
Reference Information
BID: 54666