CVE-2015-9465

The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.

Published : 2019-10-10 17:15 Updated : 2019-10-15 20:15

6.5
CVSS Score More info
Score 6.5 / 10
6.5

CPE

There is no CPE for this CVE.

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-15 20:15
2019-10-10 17:15

New CVE