Description
The GD Rating System plugin 2.3 for WordPress has a directory traversal vulnerability in the panel parameter of wp-admin/admin.php for the gd-rating-system-transfer page.
References (3)
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://wpvulndb.com/vulnerabilities/8995
Exploit, Third Party Advisory x_refsource_misc
https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md
Broken Link x_refsource_misc
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/
Scores
CVSS v3: 7.5
EPSS: 0.0370
EPSS Percentile: 88.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (1): gd_rating_system_project/gd_rating_system 2.3
Published: Jan 08, 2018
Tracked Since: Feb 18, 2026