Editorial Rating Product Review Rating System
Monthly
Stored Cross-Site Scripting in the Editorial Rating - Product Review & Rating System WordPress plugin (versions ≤ 4.0.5) enables authenticated administrators to inject persistent JavaScript payloads via the 'Link URL' field, which execute in any site visitor's browser upon loading an affected review page. The attack exploits a WordPress-specific sanitization bypass: because the payload is stored in post meta (_wpas_er_options via update_post_meta) rather than post_content or post_excerpt, WordPress's unfiltered_html capability exemption does not apply, meaning the restriction affects all administrators regardless of their unfiltered_html status. No public exploit has been identified at time of analysis and no active exploitation is confirmed; real-world risk is substantially constrained by the PR:H (administrator) prerequisite.
Stored Cross-Site Scripting in the Editorial Rating - Product Review & Rating System WordPress plugin (versions ≤ 4.0.5) enables authenticated administrators to inject persistent JavaScript payloads via the 'Link URL' field, which execute in any site visitor's browser upon loading an affected review page. The attack exploits a WordPress-specific sanitization bypass: because the payload is stored in post meta (_wpas_er_options via update_post_meta) rather than post_content or post_excerpt, WordPress's unfiltered_html capability exemption does not apply, meaning the restriction affects all administrators regardless of their unfiltered_html status. No public exploit has been identified at time of analysis and no active exploitation is confirmed; real-world risk is substantially constrained by the PR:H (administrator) prerequisite.