9.8
CVE-2023-40332
- EPSS 0.37%
- Published 04.06.2024 08:15:09
- Last modified 03.04.2025 00:27:22
- Source audit@patchstack.com
WordPress WP-PostRatings plugin <= 1.91 - Rating limit Bypass vulnerability
WP-PostRatings <= 1.91 - IP Spoofing
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse. This issue affects WP-PostRatings: from n/a through 1.91.
Possible mitigation
WP-PostRatings: Update to version 1.91.1, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Lesterchan ≫ Wp-postratings (SwPlatform: wordpress) Version < 1.91.1
VulnDex Vulnerability Enrichment
Additional vulnerability information
- System: WordPress Plugin
- Product: WP-PostRatings
- Version: *-1.91
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.281 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| audit@patchstack.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
CWE-799 Improper Control of Interaction Frequency
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
https://patchstack.com/database/vulnerability/wp-postratings/wordpress-wp-postratings-plugin-1-91-rating-limit-bypass-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/6aed9434-1681-47d6-bbc1-0815db548a24