YASR – Yet Another Star Rating Plugin for WordPress

Vulnerabilities 15Slug yet-another-stars-ratingLatest version 3.4.15WordPress.org →

Minimum safe version

3.4.15

Update to 3.4.15 or later to address 15 fixable vulnerabilities

Latest available3.4.15 ✓

Medium 6.1

2026-05-01< 3.4.15

CVE-2024-13362

CVE Wordfence

Medium 6.3

2024-10-16< 3.0.2

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

Medium 5.3

2024-12-13< 3.4.4

CVE-2023-39305

CVE Patchstack Wordfence WPScan

N/A

2023-07-18< 3.4.2

WordPress Yet Another Stars Rating Plugin < 3.4.2 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

Low 3.7

2023-11-30< 3.3.9

CVE-2023-37867

CVE Patchstack Wordfence

Medium 5.4

2023-03-16< 3.1.3

CVE-2022-40699

CVE Patchstack Wordfence WPScan

N/A

2019-01-27< 1.8.7

Yet Another Stars Rating <= 1.8.6 - Unauthenticated PHP Object Injection

Wordfence

N/A

2022-03-04< 2.0.2

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

N/A

< 1.8.7

Yet Another Stars Rating <= 1.8.6 - PHP Object Injection

WPScan

N/A

2015-07-06< 0.9.1

WordPress Yet Another Stars Rating Plugin <= 0.9.0 - Blind SQL Injection

Patchstack

N/A

2019-01-28< 1.8.7

WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability

Patchstack

N/A

2022-02-28< 3.0.2

WordPress Yet Another Stars Rating plugin < 3.0.2 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 3.0.2

WordPress Yet Another Stars Rating plugin < 3.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

High 8.8

2019-10-10< 0.9.1

CVE-2015-9465

CVE Wordfence WPScan

Medium 6.1

2022-02-04< 3.0.2

CVE-2022-23980

CVE Patchstack Wordfence WPScan