WordPress Plugin Vulnerabilities

WP-Polls < 2.77.0 - Subscriber+ Race Condition

Description

The plugin is affect by a race condition which could allow any authenticated users to tamper with the votes on a poll

Affects Plugins

Plugin icon
wp-polls
Fixed in 2.77.0

References

CVE
CVE-2022-40130

Classification

Type
RACE CONDITION
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-362
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguy Minh Tuan
Verified
No
WPVDB ID
9dbe8fea-6286-4953-b4a1-bddf270dff51

Timeline

Publicly Published
2022-10-05 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2025-07-30
Title
myCred < 2.9.4.4 - Authenticated (Subscriber+) Race Condition
Published
2023-06-12
Title
Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote
Published
2025-09-22
Title
MasterStudy LMS < 3.6.21 - Authenticated (Subscriber+) Race Condition to Multiple Reviews
Published
2026-05-24
Title
Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition
Published
2022-09-14
Title
Rate my Post < 3.3.5 - Subscriber+ Votes Tampering via Race Condition