Description
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207
Scores
CVSS v3
5.9
EPSS
0.0041
EPSS Percentile
32.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-362
Status
published
Products (1)
kamalkhan/kk_star_ratings
< 5.4.6
Published
Nov 27, 2023
Tracked Since
Feb 18, 2026