CVE-2023-39305
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-39305 is a missing authorization vulnerability affecting Yet Another Stars Rating (YASR), a popular WordPress plugin used for displaying user ratings. The issue stems from incorrectly configured access control security levels in YASR, which allow unauthorized access and potential exploitation. The vulnerability affects YASR versions from n/a through 3.4.3. Malicious actors can exploit this flaw to gain unwarranted privileges and manipulate user ratings, posing a significant threat to the security and integrity of affected websites. Users are urged to update to the latest version of YASR or implement appropriate security measures to mitigate this risk.