CVE-2022-45842 - Vulnerability Details - OpenCVE

Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00089.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Technowich	Wp Ulike

Configuration 1 [-]

cpe:2.3:a:technowich:wp_ulike:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-48696	Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.

Fixes

Solution

Update to 4.6.5 or higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve

History

Fri, 14 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Technowich Technowich wp Ulike
CPEs	cpe:2.3:a:wpulike:wp_ulike::::::wordpress::*	cpe:2.3:a:technowich:wp_ulike::::::wordpress::*
Vendors & Products	Wpulike Wpulike wp Ulike	Technowich Technowich wp Ulike

Fri, 21 Feb 2025 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Sep 2024 21:00:00 +0000

Type	Values Removed	Values Added
Description	Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.	Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-11-30T12:40:05.000Z

Updated: 2025-02-20T19:48:43.613Z

Reserved: 2022-11-23T07:45:46.730Z

Link: CVE-2022-45842

Vulnrichment

Updated: 2024-08-03T14:24:03.236Z

NVD

Status : Modified

Published: 2022-11-30T13:15:11.080

Modified: 2025-03-14T14:54:47.220

Link: CVE-2022-45842

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45842", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "requesterUserId": "d8dbf4e1-529d-4720-9217-aa8466b80059", "dateReserved": "2022-11-23T07:45:46.730Z", "datePublished": "2022-11-30T12:40:05.000Z", "dateUpdated": "2025-02-20T19:48:43.613Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "product": "WP ULike (WordPress plugin)", "vendor": "TechnoWich", "versions": [{"changes": [{"at": "4.6.5", "status": "unaffected"}], "lessThanOrEqual": "4.6.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "minhtuanact (Patchstack Alliance)"}], "datePublic": "2022-11-24T12:31:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on <span style=\"background-color: rgb(255, 255, 255);\">WordPress allows attackers to increase/decrease rating scores.</span><br>"}], "value": "Unauth. Race Condition vulnerability in\u00a0WP ULike Plugin <= 4.6.4 on\u00a0WordPress allows attackers to increase/decrease rating scores."}], "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2022-11-30T12:37:58.845Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.6.5 or higher version."}], "value": "Update to\u00a04.6.5 or higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress WP ULike Plugin <= 4.6.4 is vulnerable to Race Condition vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.236Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-20T19:14:45.509154Z", "id": "CVE-2022-45842", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T19:48:43.613Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.236Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-45842", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-20T19:14:45.509154Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-20T19:14:46.832Z"}}], "cna": {"title": "WordPress WP ULike Plugin <= 4.6.4 is vulnerable to Race Condition vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "minhtuanact (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TechnoWich", "product": "WP ULike (WordPress plugin)", "versions": [{"status": "affected", "changes": [{"at": "4.6.5", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "4.6.4"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to\u00a04.6.5 or higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 4.6.5 or higher version.", "base64": false}]}], "datePublic": "2022-11-24T12:31:00.000Z", "references": [{"url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unauth. Race Condition vulnerability in\u00a0WP ULike Plugin <= 4.6.4 on\u00a0WordPress allows attackers to increase/decrease rating scores.", "supportingMedia": [{"type": "text/html", "value": "Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on <span style=\"background-color: rgb(255, 255, 255);\">WordPress allows attackers to increase/decrease rating scores.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2022-11-30T12:37:58.845Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45842", "state": "PUBLISHED", "dateUpdated": "2025-02-20T19:48:43.613Z", "dateReserved": "2022-11-23T07:45:46.730Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2022-11-30T12:40:05.000Z", "requesterUserId": "d8dbf4e1-529d-4720-9217-aa8466b80059", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:technowich:wp_ulike:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A718499E-7D08-49B8-9C06-86BAA56173AD", "versionEndIncluding": "4.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauth. Race Condition vulnerability in\u00a0WP ULike Plugin <= 4.6.4 on\u00a0WordPress allows attackers to increase/decrease rating scores."}, {"lang": "es", "value": "Vulnerabilidad de Race Condition No Autorizada en WP ULike Plugin <= 4.6.4 en WordPress permite a los atacantes aumentar/disminuir puntuaciones de calificaci\u00f3n."}], "id": "CVE-2022-45842", "lastModified": "2025-03-14T14:54:47.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-30T13:15:11.080", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-3-race-condition-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "audit@patchstack.com", "type": "Primary"}]}