// For flags

CVE-2022-40130

WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability

Severity Score

3.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.

Vulnerabilidad de CondiciĆ³n de EjecuciĆ³n en el complemento WP-Polls en versiones &lt;= 2.76.0 en WordPress.

The WP-Polls plugin for WordPress is vulnerable to Race Condition in the function vote_poll_process() in versions up to, and including, 3.3.4. This can lead to unpredictable polling result changes when certain conditions are met.

*Credits: Vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance)
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-27 CVE Reserved
  • 2022-10-05 CVE Published
  • 2024-04-27 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Wp-polls Project
Search vendor "Wp-polls Project"
 Wp-polls
Search vendor "Wp-polls Project" for product "Wp-polls"
 < 2.77.0
Search vendor "Wp-polls Project" for product "Wp-polls" and version " < 2.77.0"
wordpress
Affected