WordPress Plugin Vulnerabilities

kk Star Ratings < 5.4.6 - Missing Authorization

Description

The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. The exact impact of this vulnerability is unknown.

Affects Plugins

Plugin icon
kk-star-ratings
Fixed in 5.4.6

References

CVE
CVE-2023-46639
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1af442f7-b57c-47bd-9733-5e6bb5c89443

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
b268c5ab-d1d7-42c6-a8ff-df60dd1e6a21

Timeline

Publicly Published
2023-10-25 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-12-12
Title
Trinity Audio < 5.24 - Missing Authorization
Published
2025-01-13
Title
W3 Total Cache < 2.8.2 - Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation
Published
2024-01-08
Title
MailerLite – WooCommerce integration < 2.0.9 - Missing Authorization via Multiple Functions
Published
2025-03-31
Title
Google SEO Pressor Snippet <= 2.0 - Missing Authorization
Published
2024-08-28
Title
ReviveNews < 1.0.3 - Missing Authorization via revivenews_install_and_activate_plugins()