kk Star Ratings
Vulnerabilities (4 posts)

  1. tniessen
    Posted 3 years ago #


    We have used this plugin for some months now. It is doing a good job on our site and is stable.
    I stumbled over two problems today:

    1. This plugin is vulnerable to integer injections: It does not check the POST data in AJAX requests. It is possible to inject huge (both positive and negative) ratings through the 'stars' parameter.
    2. Your PHP code does not check the AJAX source IP. It just tells the browser not to allow rating more often than once. This allows an unlimited number of ratings.

    Both vulnerabilities allow setting a post's rating to any value. Combining them makes it even easier.

    Best regards


  2. tniessen
    Posted 3 years ago #

    Thanks for fixing #1! But I think it is still possible to rate an article several times from a single IP address:
    curl --data "action=kksr_ajax&id=$POST_ID&stars=$STARS&_wpnonce=$NONCE" $BLOG_URL/wp-admin/admin-ajax.php

  3. Kamal Khan
    Plugin Author

    Posted 3 years ago #

    I don't think so. I will dry run it again to check.

    What is happening right now is that the IP is stored in the DB as an array. If you try posting multiple times, it will fail because it will already find the IP in the array.

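The two server-side checks this thread asks for, as an added example rather than the plugin's own code: a handler for the 'kksr_ajax' action that validates the 'stars' value and enforces the per-IP rule against the array stored in the database. The nonce action name, the meta keys and the 1 to 5 range are assumptions.

```php
<?php
// Added example, not the plugin's code: a hardened handler for the
// 'kksr_ajax' action from this thread. Meta keys, nonce name and the
// 1..5 range are assumptions for illustration.
add_action( 'wp_ajax_kksr_ajax', 'kksr_example_rate' );
add_action( 'wp_ajax_nopriv_kksr_ajax', 'kksr_example_rate' );

function kksr_example_rate() {
    // The curl command in the thread already sends _wpnonce; verify it.
    check_ajax_referer( 'kksr_example_nonce', '_wpnonce' );
    $post_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( 'invalid post' );
    }

    // Problem #1: require an integer within range instead of casting
    // whatever arrives (huge positive or negative values).
    $stars = filter_var(
        isset( $_POST['stars'] ) ? wp_unslash( $_POST['stars'] ) : null,
        FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 1, 'max_range' => 5 ) )
    );
    if ( false === $stars ) {
        wp_send_json_error( 'stars must be an integer from 1 to 5' );
    }

    // Problem #2: enforce one vote per IP on the server, not in the browser.
    // REMOTE_ADDR is the proxy's address behind a reverse proxy, so such a
    // deployment needs a trusted-proxy aware lookup instead.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        wp_send_json_error( 'could not determine client address' );
    }
    $voters = get_post_meta( $post_id, '_kksr_example_ips', true );
    $voters = is_array( $voters ) ? $voters : array();
    if ( in_array( $ip, $voters, true ) ) {
        wp_send_json_error( 'already rated from this address' );
    }

    // Record the vote; the per-post IP array mirrors what the author
    // describes. Storing a hash of the IP would be kinder to privacy.
    $voters[] = $ip;
    $count = (int) get_post_meta( $post_id, '_kksr_example_count', true ) + 1;
    $total = (int) get_post_meta( $post_id, '_kksr_example_total', true ) + $stars;
    update_post_meta( $post_id, '_kksr_example_ips', $voters );
    update_post_meta( $post_id, '_kksr_example_count', $count );
    update_post_meta( $post_id, '_kksr_example_total', $total );
    wp_send_json_success( array( 'average' => round( $total / $count, 2 ) ) );
}
```

The read-modify-write on the IP array is not atomic, so two concurrent requests from one address can both pass the check; a unique database constraint or a lock around the update is needed to make the per-IP rule strict.
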
  4. Kamal Khan
    Plugin Author

    Posted 3 years ago #

    Okay, you are right. I thought of adding the check, but realize that it went past my head and was not implemented.

    Will be releasing a fix shortly.


Topic Closed

This topic has been closed to new replies.
