The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
1. Create a poll and publish a page with a poll. 2. Visit the page with the poll. 3. Using Burp and the Turbo Intruder extension, intercept the poll submission. 4. Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder. 5. Drop the initial request and turn Intercept off. 6. In the Turbo Intruder window, add the header S: %s
. 7. Use the code examples/race.py
. 8. Click “Attack” at the bottom of the window. This will send multiple requests to the server at the exact same moment. 9. Log into the site and visit /wp-admin/admin.php?page=forminator-reports&form;_type=forminator_polls&form;_id=5
(replacing the form_id
parameter with a valid one). 10. Notice that more than one submission has been recorded. Note that this cannot be replicated on a single-process, single-threaded WordPress server.