WordPress GD Star Rating Plugin 'votes' Parameter SQL Injection Vulnerability

Summary
This host is running WordPress GD Star Rating Plugin and is prone to SQL injection vulnerability.
Impact
Successful exploitation will allow attacker to cause SQL Injection attack and gain sensitive information. Impact Level: Application
Solution
Upgrade to GD Star Rating Plugin version 1.9.9, For updates refer to http://wordpress.org/extend/plugins/gd-star-rating/ ***** NOTE: Exploit will work when nonce is disabled, by default it will be enabled. *****
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'votes' parameter to /wp-content/plugins/gd-star-rating/ajax.php, which allows attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
WordPress GD Star Rating Plugin version 1.9.8 and prior.
References