WP-PostRatings < 1.90 – Ratings Tempering via Race Condition | CVE 2022-36422

Affects Plugins

wp-postratings

Fixed in 1.90

References

CVE

CVE-2022-36422

Classification

Type

RACE CONDITION

OWASP top 10

A6: Security Misconfiguration

CWE

CWE-362

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Nguy Minh Tuan

Verified

No

WPVDB ID

9f2456f1-4894-4dea-a212-23eab3e963a8

Timeline

Publicly Published

2022-08-31 (about 3 years ago)

Added

2022-09-15 (about 3 years ago)

Last Updated

2022-09-15 (about 3 years ago)

Other

Published

Title

Published

2022-09-14

Title

Rate my Post < 3.3.5 - Subscriber+ Votes Tampering via Race Condition

Published

2022-11-24

Title

WP ULike < 4.6.5 - Unauthenticated Rating Tampering via Race Condition

Published

2022-01-19

Title

AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition

Published

2025-09-22

Title

MasterStudy LMS < 3.6.21 - Authenticated (Subscriber+) Race Condition to Multiple Reviews

Published

2023-11-13

Title

YOP Poll < 6.5.27 - Unauthenticated Vote Manipulation via Race Condition