WordPress Plugin Vulnerabilities

Rate my Post < 3.3.5 - Subscriber+ Votes Tampering via Race Condition

Description

The plugin is affected by a race condition issues allowing subscriber users to tamper with votes to increment to decrement them

Affects Plugins

Plugin icon
rate-my-post
Fixed in 3.3.5

References

CVE
CVE-2022-40310

Classification

Type
RACE CONDITION
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-362
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguy Minh Tuan
Verified
No
WPVDB ID
9980e253-9134-44aa-aaab-ec669a065bc8

Timeline

Publicly Published
2022-09-14 (about 3 years ago)
Added
2022-09-24 (about 3 years ago)
Last Updated
2022-09-24 (about 3 years ago)

Other

Published
Title
Published
2025-09-22
Title
MasterStudy LMS < 3.6.21 - Authenticated (Subscriber+) Race Condition to Multiple Reviews
Published
2023-11-13
Title
YOP Poll < 6.5.27 - Unauthenticated Vote Manipulation via Race Condition
Published
2022-08-31
Title
WP-PostRatings < 1.90 - Ratings Tempering via Race Condition
Published
2023-06-12
Title
Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote
Published
2022-01-19
Title
AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition