Browse all 4 CVE security advisories affecting FeedbackWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FeedbackWP is a WordPress plugin designed to collect and manage user feedback through forms and comments. Historically, it has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, with four CVEs documented. The plugin's handling of user input and file uploads has frequently introduced security risks, allowing attackers to execute malicious code or gain unauthorized access. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations, emphasizing the need for timely updates and input sanitization.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-46639 | WordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerability — kk Star RatingsCWE-862 | 5.3 | Medium | 2025-01-02 |
| CVE-2023-36528 | WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability — kk Star RatingsCWE-862 | 5.3 | Medium | 2024-12-13 |
| CVE-2023-51667 | WordPress Rate my Post – WP Rating System plugin <= 3.4.2 - Broken Access Control vulnerability — Rate my Post – WP Rating SystemCWE-290 | 5.3 | Medium | 2024-06-04 |
| CVE-2024-32823 | WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability — Rate my Post – WP Rating SystemCWE-639 | 5.3 | Medium | 2024-04-24 |
This page lists every published CVE security advisory associated with FeedbackWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.