exploitDog

CVE-2023-2010

Опубликовано: 04 июл. 2023

Источник: nvd

CVSS3: 3.1

EPSS Низкий

Описание

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

Ссылки

https://wpscan.com/vulnerability/d0da4c0d-622f-4310-a867-6bfdb474073a
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d0da4c0d-622f-4310-a867-6bfdb474073a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*

Версия до 1.24.1 (исключая)

EPSS

Процентиль: 21%

0.00069

Низкий

3.1 Low

CVSS3

Дефекты

CWE-362

Связанные уязвимости

GHSA-mpfv-fqq5-66mx

CVSS3: 3.1

github

больше 2 лет назад

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

EPSS

Процентиль: 21%

0.00069

Низкий

3.1 Low

CVSS3

Дефекты

CWE-362