CVE-2022-0279Race Condition in Anycomment

CWE-362Race Condition3 documents3 sources
Severity
3.1LOWNVD
EPSS
0.2%
top 61.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Bologer Anycomment
Timeline
PublishedFeb 21
Latest updateFeb 22

Description

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages1 packages

NVDbologer/anycomment< 0.2.18

🔴Vulnerability Details

2
GHSA
GHSA-g7w5-4hph-r98m: The AnyComment WordPress plugin before 02022-02-22
CVEList
AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition2022-02-21
CVE-2022-0279 — Race Condition in Bologer Anycomment | cvebase