Update the WordPress Yet Another Stars Rating plugin to the latest available version (at least 1.8.7).
Paul Dannewitz discovered and reported this PHP Object Injection vulnerability in WordPress Yet Another Stars Rating Plugin. This could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more. This could allow a malicious actor to take-over a website. This vulnerability has been fixed in version 1.8.7.
Toggle The Debug Mode via CrossSite Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability
CrossSite Scripting (XSS) vulnerability
Blind SQL Injection