Description
WordPress Plugin Comment Rating is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker could leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin Comment Rating version 2.9.20 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/51241/exploit
http://packetstormsecurity.com/files/108314/wpcommentrating-sqlxss.txt
Related Vulnerabilities
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-6970)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000481)
WordPress Plugin WP Mega Menu Unspecified Vulnerability (1.4.1)
WordPress Plugin Peter's Login Redirect Multiple Vulnerabilities (2.9.0)