Security Advisory

CVE-2021-25117

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-16 15:49:22
Last updated 2025-06-17 14:09:11
Assigner WPScan
State PUBLISHED

Description

The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.