Lucene search

PatchstackCVELIST:CVE-2023-37867

HistoryNov 30, 2023 - 2:11 p.m.

CVE-2023-37867 WordPress Yet Another Stars Rating Plugin <= 3.3.8 is vulnerable to Race Condition

2023-11-3014:11:23

CWE-367

Patchstack

www.cve.org

wordpress

yasr plugin

cve-2023-37867

vulnerable

race condition

toctou

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "yet-another-stars-rating",
    "product": "YASR – Yet Another Star Rating Plugin for WordPress",
    "vendor": "YetAnotherStarsRating.com",
    "versions": [
      {
        "changes": [
          {
            "at": "3.3.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.3.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/yet-another-stars-rating/wordpress-yasr-yet-another-stars-rating-plugin-3-3-8-race-condition-vulnerability?_s_id=cve

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2023-37867