Lucene search

PatchstackCVELIST:CVE-2022-40130

HistoryNov 18, 2022 - 10:31 p.m.

CVE-2022-40130 WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability

2022-11-1822:31:42

Patchstack

www.cve.org

wordpress

wp-polls

auth.

race condition

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.

CNA Affected

[
  {
    "vendor": "Lester 'GaMerZ' Chan",
    "product": "WP-Polls (WordPress plugin)",
    "versions": [
      {
        "version": "<= 2.76.0",
        "status": "affected",
        "lessThanOrEqual": "2.76.0",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-polls/wordpress-wp-polls-plugin-2-76-0-race-condition-vulnerability?_s_id=cve

wordpress.org/plugins/wp-polls/#developers

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Related for CVELIST:CVE-2022-40130