CVE-2023-4642
kk Star Ratings < 5.4.6 - Rating Tampering via Race ConditionThe kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
We have discovered 5,749 live websites that are affected by CVE-2023-4642.
Affected Software
| Product |  kk Star Ratings |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5,749 live websites (22% of kk Star Ratings install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 42 versions ( 86% of all versions) |
Common Weakness Enumeration
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')Details
- Published - Nov 27, 2023
- Updated - Aug 2, 2024
Credits
- Mohammad Reza Omrani (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-4642 United States | 978 websites |
 Vietnam | 1,219 websites |
 France | 500 websites |
 Poland | 404 websites |
 Iran | 388 websites |
 Germany | 366 websites |
 Russia | 357 websites |
 Spain | 269 websites |
 Czech Republic | 103 websites |
 Slovakia | 88 websites |
Website Distribution by TLD
Number of websites using CVE-2023-4642| .com | 2,230 websites |
| .pl | 319 websites |
| .ru | 317 websites |
| .net | 280 websites |
| .fr | 239 websites |
| .de | 150 websites |
| .org | 140 websites |
| .es | 112 websites |
| .cz | 95 websites |
| .info | 69 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-4642
Top websites that are affected by CVE-2023-4642. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.com | United States | *,*** | |
| *******************.ro |  Romania | **,*** | |
| *********.co | United States | **,*** | |
| **************.org | United States | **,*** | |
| *******.com | United States | **,*** | |
| *****.dk |  Denmark | **,*** | |
| **************.com | Spain | **,*** | |
| ********.com | France | **,*** | |
| ******.net | Vietnam | **,*** | |
| ********.net |  GB | ***,*** |
FAQ
CVE-2023-4642 is Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in kk Star Ratings
A total of 5,749 websites have been identified as vulnerable to CVE-2023-4642, based on global website indexing conducted by WebTechSurvey.
The kk Star Ratings is affected by the CVE-2023-4642 vulnerability.
kk Star Ratings versions up to 5.4.6 are vulnerable to CVE-2023-4642.
CVE-2023-4642 is resolved in version 5.4.6 of kk Star Ratings.