5.9
CVE-2023-4642
- EPSS 0.41%
- Veröffentlicht 27.11.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:35:35
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
Loginkk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
kk Star Ratings <= 5.4.5 - Race Condition to Multiple User Voting
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
Mögliche Gegenmaßnahme
kk Star Ratings – Rate Post & Collect User Feedbacks: Update to version 5.4.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kamalkhan ≫ Kk Star Ratings SwPlatformwordpress Version < 5.4.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
kk Star Ratings – Rate Post & Collect User Feedbacks
Version
*-5.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207
https://www.wordfence.com/threat-intel/vulnerabilities/id/003694f8-23be-4c94-899d-76b9b8488202