WP ULike < 4.6.5 – Unauthenticated Rating Tampering via Race Condition | CVE 2022-45842

Affects Plugins

wp-ulike

Fixed in 4.6.5

References

CVE

CVE-2022-45842

Classification

Type

RACE CONDITION

OWASP top 10

A6: Security Misconfiguration

CWE

CWE-362

CVSS

3.7 (low)

Miscellaneous

Original Researcher

minhtuanact

Verified

No

WPVDB ID

79f7591b-36a7-4b5a-a402-d61bddff9bd1

Timeline

Publicly Published

2022-11-24 (about 3 years ago)

Added

2022-11-30 (about 3 years ago)

Last Updated

2022-11-30 (about 3 years ago)

Other

Published

Title

Published

2025-12-15

Title

Fancy Product Designer | WooCommerce WordPress < 6.5.0 - Unauthenticated Server-Side Request Forgery via Race Condition

Published

2026-02-20

Title

TeraWallet – For WooCommerce < 1.5.16 - Authenticated (Customer+) Race Condition

Published

2025-09-22

Title

MasterStudy LMS < 3.6.21 - Authenticated (Subscriber+) Race Condition to Multiple Reviews

Published

2025-07-30

Title

myCred < 2.9.4.4 - Authenticated (Subscriber+) Race Condition

Published

2022-10-05

Title

WP-Polls < 2.77.0 - Subscriber+ Race Condition