Skip to main content

Gd Rating System

11 CVEs product

Monthly

CVE-2026-57771 HIGH This Week

Blind SQL injection in the GD Rating System WordPress plugin (versions up to and including 3.7) allows authenticated attackers to inject arbitrary SQL into backend database queries. Because the CVSS vector shows PR:L, a low-privileged authenticated user can extract sensitive database contents (CVSS 8.5, scope-changed). No public exploit identified at time of analysis; the flaw was reported by Patchstack via its coordinated disclosure database.

SQLi Gd Rating System
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-42639 CRITICAL Act Now

Unauthenticated SQL injection in the GD Rating System WordPress plugin (versions <= 3.6.2) allows remote attackers to inject arbitrary SQL queries against the WordPress database without any authentication or user interaction. The flaw carries a CVSS 3.1 score of 9.3 with scope change, indicating database tampering can affect resources beyond the plugin itself. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

SQLi Gd Rating System
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-25093 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gd Rating System
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2018-5293 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-5292 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-5291 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5290 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5289 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5288 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-5287 HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP Gd Rating System
NVD GitHub
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5286 MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gd Rating System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in the GD Rating System WordPress plugin (versions up to and including 3.7) allows authenticated attackers to inject arbitrary SQL into backend database queries. Because the CVSS vector shows PR:L, a low-privileged authenticated user can extract sensitive database contents (CVSS 8.5, scope-changed). No public exploit identified at time of analysis; the flaw was reported by Patchstack via its coordinated disclosure database.

SQLi Gd Rating System
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in the GD Rating System WordPress plugin (versions <= 3.6.2) allows remote attackers to inject arbitrary SQL queries against the WordPress database without any authentication or user interaction. The flaw carries a CVSS 3.1 score of 9.3 with scope change, indicating database tampering can affect resources beyond the plugin itself. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

SQLi Gd Rating System
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gd Rating System
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy