CVE-2022-40130: WordPress WP-Polls plugin <= 2.76.0 - Race Condition vulnerability - Patchstack
Authenticated (subscriber+) race condition vulnerability in the WP-Polls plugin <= 2.76.0 for WordPress.
Verified
Fixed
CVSS 3.1 score: 4.3 (Medium severity)
Monitoring: Not reported to be exploited
Vulnerable versions
<= 2.76.0
PSID
f9da12615bcc
Classification
Other Vulnerability Type
OWASP Top 10
A1: Injection
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-10-05
Details
A race condition vulnerability leading to voting manipulation was discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress WP-Polls plugin (versions <= 2.76.0).
Solution
Update the WordPress WP-Polls plugin to the latest available version (at least 2.77.0).