CVE-2015-9465

The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
Source: NIST
CVE-2015-9465