CVE-2023-4642 – kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
https://notcve.org/view.php?id=CVE-2023-4642
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a race condition. The kk Star Ratings plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 5.4.5. This is due to insufficient controls and checks on a user voting. This makes it possible for unauthenticated attackers to provide ratings more than a single time. • https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-35438
https://notcve.org/view.php?id=CVE-2020-35438
Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5. • https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md • https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md#415---2020-12-13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')