CVE-2023-2010

CWE-362 — Race Condition CWE-20 — Improper Input Validation CWE-416 — Use After Free10 documents6 sources

Severity

3.1LOW

EPSS

0.1%

top 75.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Forminator Incsub Forminator

Timeline

PublishedJul 4

Latest updateSep 15

Description

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶NVDincsub/forminator< 1.24.1

▶CVEListV5unknown/forminator< 1.24.1

🔴Vulnerability Details

CVEList

Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote↗2023-07-04

▶

GHSA

GHSA-mpfv-fqq5-66mx: The Forminator WordPress plugin before 1↗2023-07-04

▶

📋Vendor Advisories

Red Hat

kernel: nubus: Partially revert proc_create_single_data() conversion↗2025-09-15

▶

Red Hat

vim: use after free↗2023-10-10

▶

CISA

Linux Kernel Improper Input Validation Vulnerability↗2023-05-12

▶

Red Hat

exim: hard-link following vulnerability in mailbox handling↗2010-06-03

▶

💬Community

Bugzilla

CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 squirrelmail various flaws [epel-6]↗2011-07-12

▶

Bugzilla

CVE-2010-2023 exim: hard-link following vulnerability in mailbox handling↗2010-06-03

▶