Lucene search
Captain_hookWPEX-ID:D0DA4C0D-622F-4310-A867-6BFDB474073AHistoryJun 12, 2023 - 12:00 a.m.
Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote
2023-06-1200:00:00
captain_hook
74
forminator
unauthenticated
race condition
poll vote
burp
turbo intruder
intercept
vulnerability
exploit
wordpress server.
EPSS
0.001
Percentile
21.7%
The plugin does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
1. Create a poll and publish a page with a poll.
2. Visit the page with the poll.
3. Using Burp and the Turbo Intruder extension, intercept the poll submission.
4. Send the request to Turbo Intruder using Action > Extensions > Turbo Intruder > Send to turbo intruder.
5. Drop the initial request and turn Intercept off.
6. In the Turbo Intruder window, add the header `S: %s`.
7. Use the code `examples/race.py`.
8. Click "Attack" at the bottom of the window. This will send multiple requests to the server at the exact same moment.
9. Log into the site and visit `/wp-admin/admin.php?page=forminator-reports&form_type=forminator_polls&form_id=5` (replacing the `form_id` parameter with a valid one).
10. Notice that more than one submission has been recorded.
Note that this cannot be replicated on a single-process, single-threaded WordPress server.Related
cve
cve
CVE-2023-2010
2023-07-04 08:15:10
wpvulndb
wpvulndb
Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote
2023-06-12 00:00:00
cvelist
cvelist
openvas
openvas
WordPress Forminator Plugin < 1.24.1 Race Condition Vulnerability
2023-09-05 00:00:00
nvd
nvd
CVE-2023-2010
2023-07-04 08:15:10
prion
prion
Race condition
2023-07-04 08:15:00
wordfence
wordfence