Lucene search

PatchstackCVELIST:CVE-2022-40310

HistorySep 23, 2022 - 2:20 p.m.

CVE-2022-40310 WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Race Condition vulnerability

2022-09-2314:20:52

Patchstack

www.cve.org

wordpress

rate my post

3.3.4

race condition

vulnerability

authentication

attackers

votes

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.

CNA Affected

[
  {
    "product": "Rate my Post – WP Rating System (WordPress plugin)",
    "vendor": "Blaz K.",
    "versions": [
      {
        "lessThanOrEqual": "3.3.4",
        "status": "affected",
        "version": "<= 3.3.4",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-3-4-race-condition-vulnerability/_s_id=cve

wordpress.org/plugins/rate-my-post/#developers

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2022-40310