Vulners
Lucene search
KK Star Ratings Race Condition
🗓️ 05 Mar 2024 00:00:00Reported by Mohammad Reza OmraniType 
packetstorm🔗 packetstormsecurity.com👁 396 Views
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition Vulnerability | 5 Mar 202400:00 | – | zdt |
 | CVE-2023-4642 | 17 Dec 202308:36 | – | circl |
 | WordPress plugin kk Star Ratings security vulnerability | 27 Nov 202300:00 | – | cnnvd |
 | CVE-2023-4642 | 27 Nov 202316:21 | – | cve |
 | CVE-2023-4642 kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition | 27 Nov 202316:21 | – | cvelist |
 | kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition | 5 Mar 202400:00 | – | exploitdb |
 | EUVD-2023-54494 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-4642 | 27 Nov 202317:15 | – | nvd |
 | WordPress kk Star Ratings Plugin < 5.4.6 Race Condition Vulnerability | 29 Nov 202300:00 | – | openvas |
 | Race condition | 27 Nov 202317:15 | – | prion |
10
`# Exploit Title: kk Star Ratings < 5.4.6 - Rating Tampering via Race
Condition
# Google Dork: inurl:/wp-content/plugins/kk-star-ratings/
# Date: 2023-11-06
# Exploit Author: Mohammad Reza Omrani
# Vendor Homepage: https://github.com/kamalkhan
# Software Link: https://wordpress.org/plugins/kk-star-ratings/
# WPScan :
https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207/
# Version: 5.4.6
# Tested on: Wordpress 6.2.2
# CVE : CVE-2023-4642
# POC:
1- Install and activate kk Star Ratings.
2- Go to the page that displays the star rating.
3- Using Burp and the Turbo Intruder extension, intercept the rating
submission.
4- Send the request to Turbo Intruder using Action > Extensions > Turbo
Intruder > Send to turbo intruder.
5- Drop the initial request and turn Intercept off.
6- In the Turbo Intruder window, add "%s" to the end of the connection
header (e.g. "Connection: close %s").
7- Use the code `examples/race.py`.
8- Click "Attack" at the bottom of the window. This will send multiple
requests to the server at the same moment.
9- To see the updated total rates, reload the page you tested.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.15.9
EPSS0.00099