5.3
CVE-2022-45842
- EPSS 0.33%
- Veröffentlicht 30.11.2022 13:15:11
- Zuletzt bearbeitet 14.03.2025 14:54:47
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress WP ULike Plugin <= 4.6.4 is vulnerable to Race Condition vulnerability
WP ULike <= 4.6.4 - Race Condition
Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.
Mögliche Gegenmaßnahme
WP ULike – Like & Dislike Buttons for Engagement and Feedback: Update to version 4.6.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Technowich ≫ Wp Ulike SwPlatformwordpress Version <= 4.6.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP ULike – Like & Dislike Buttons for Engagement and Feedback
Version
*-4.6.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.245 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| audit@patchstack.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/3d5ee8f1-8d86-4af0-af01-b31d2ff993d1