CVE-2023-2010
Forminator < 1.24.1 - Unauthenticated Race Condition on poll voteThe Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
We have discovered 4,669 live websites that are affected by CVE-2023-2010.
Affected Software
| Product |  Forminator |
| Category | Wordpress Plugins |
| Vulnerable Domains | 4,669 live websites (6.79% of Forminator install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 77 versions ( 55% of all versions) |
Common Weakness Enumeration
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')Details
- Published - Jul 4, 2023
- Updated - Nov 22, 2024
Credits
- Amirmohammad vakili (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-2010 United States | 1,345 websites |
 France | 334 websites |
 Germany | 328 websites |
 GB | 324 websites |
 Canada | 244 websites |
 Italy | 194 websites |
 Netherlands | 133 websites |
 Poland | 123 websites |
 India | 116 websites |
 Spain | 105 websites |
Website Distribution by TLD
Number of websites using CVE-2023-2010| .com | 2,049 websites |
| .co.uk | 199 websites |
| .org | 176 websites |
| .de | 154 websites |
| .fr | 147 websites |
| .it | 128 websites |
| .nl | 120 websites |
| .ca | 112 websites |
| .com.au | 101 websites |
| .pl | 94 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2010
Top websites that are affected by CVE-2023-2010. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *,*** | |
| *****.com | Canada | **,*** | |
| ************.com | United States | **,*** | |
| **********.com | United States | ***,*** | |
| ***********.de | Germany | ***,*** | |
| *********.***.br |  Brazil | ***,*** | |
| ************.io | Germany | ***,*** | |
| *********.co | United States | ***,*** | |
| ***************.de | Germany | ***,*** | |
| **********.com | United States | ***,*** |
FAQ
CVE-2023-2010 is Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Forminator
A total of 4,669 websites have been identified as vulnerable to CVE-2023-2010, based on global website indexing conducted by WebTechSurvey.
The Forminator is affected by the CVE-2023-2010 vulnerability.
Forminator versions up to 1.24.1 are vulnerable to CVE-2023-2010.
CVE-2023-2010 is resolved in version 1.24.1 of Forminator.