Plugin Vulnerability Hub
Plugin | 4 known issues | Latest disclosed: Dec 20, 2024

kk Star Ratings – Rate Post & Collect User Feedbacks Vulnerabilities

Review known vulnerability records for the WordPress plugin kk Star Ratings – Rate Post & Collect User Feedbacks (`kk-star-ratings`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-11977, CVE-2023-4642 and CVE-2023-46639, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 4
High or Critical: 1
Patch Coverage: 100%
Last Updated: Jan 15, 2025
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for kk Star Ratings – Rate Post & Collect User Feedbacks so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 4 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 1 high severity finding.
Recent CVEs: CVE-2024-11977, CVE-2023-4642 and CVE-2023-46639
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Known Vulnerabilities

Reports for kk Star Ratings – Rate Post & Collect User Feedbacks

Sorted by latest disclosure date so newly published issues surface first.

Plugin | High | Patched: Yes | CVE-2024-11977
CVE-2024-11977: kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution

The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value b...

Published: Dec 20, 2024
Patched Release: 5.4.10.2
Affected Versions: Versions up to 5.4.10
Next Step: Update to 5.4.10.2 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2023-4642
CVE-2023-4642: kk Star Ratings <= 5.4.5 - Race Condition to Multiple User Voting

The kk Star Ratings plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 5.4.5. This is due to insufficient controls and checks on user voting. This makes it possible for unauthenticated attackers to provide ratings more than a single ti...

Published: Nov 06, 2023
Patched Release: 5.4.6
Affected Versions: Versions up to 5.4.5
Next Step: Update to 5.4.6 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2023-46639
CVE-2023-46639: kk Star Ratings <= 5.4.5 - Missing Authorization

The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. Th...

Published: Oct 25, 2023
Patched Release: 5.4.6
Affected Versions: Versions up to 5.4.5
Next Step: Update to 5.4.6 or newer if supported.

Plugin | Medium | Patched: Yes | CVE-2023-36528
CVE-2023-36528: kk Star Ratings <= 5.4.3 - IP Spoofing to Protection Mechanism Bypass

The kk Star Ratings plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.4.3. This is due to the plugin prioritizing obtaining a visitor's IP address from a spoofable HTTP header over PHP's REMOTE_ADDR. Attackers can supply a header with w...

Published: Jul 17, 2023
Patched Release: 5.4.4
Affected Versions: Versions up to 5.4.3
Next Step: Update to 5.4.4 or newer if supported.