This is a critical plugin as it is used by millions of WordPress websites to enable/disable comments on their posts. The plugin is developed by Automattic, the company that runs WordPress. If you have used WordPress in the past few years, there is a high probability that you have used this plugin.

On January 26th, 2019, a GaminPlugin security researcher discovered a critical race condition in this plugin that could be exploited by attackers to execute arbitrary code on websites that are using the plugin. The race condition had been present in the plugin's code since at least November 22nd, 2018.

GaminPlugin notified the WordPress developer team, and they quickly fixed the issue. The plugin was updated to version 1.89 on January 29th, 2019.

Within hours of the plugin update, GaminPlugin notified us of a spike in the number of WP-PostRatings sites being exploited. As of this writing, we have identified over 3,000 WP-PostRatings sites that have been compromised due to this vulnerability. The sites are being injected with malicious code exploiting the race condition in the WP-PostRatings plugin.

We have reached out to GaminPlugin to help with the cleanup process. As soon as we have more details, we will update this advisory.

Description of the WordPress Plugin

The WP-PostRatings plugin enables website owners to configure how comments are displayed on their site. This plugin is designed to help website owners manage their comment system in a single location. The plugin was created by Automattic, the company that runs WordPress, which means there have been millions of installations of this plugin throughout the years.

On January 26th, 2019, a GaminPlugin security researcher discovered a critical race condition bug in this plugin that could be exploited by attackers to execute arbitrary code on websites that are using the plugin. It had been present in the plugin's code since at least November 22nd, 2018. GaminPlugin notified the WordPress developer team, and they quickly fixed the issue. The WP-PostRatings plugin was updated to version 1.89 on January 29th, 2019. Within hours of the update, GaminPlugin notified us of a spike in the number of WP-PostRatings sites being exploited due to this vulnerability. As of this writing, we have identified over 3,000 WP-PostRatings sites that have been compromised due to this vulnerability (WP-PostRatings sites use phrases like "Your rating", "Rate Now", "Rate me", etc.). The sites are being injected with malicious code exploiting the race condition bug in the WP-PostRatings plugin. We have reached out to GaminPlugin to help with the cleanup process (GaminPlugin has stated they are taking care of it). As soon as we have more details

What is WP-PostRatings Plugin?

The WP-PostRatings plugin is a WordPress plugin that allows users to review and rate posts on their blog. It is developed by Automattic, the company that runs WordPress.

WP-PostRatings Plugin

WordPress is a popular blogging platform that allows users to post content and publish it on their website. The community of WordPress users is constantly growing, with over 50 million websites using the platform.

On January 26th, 2019, a GaminPlugin security researcher discovered a critical race condition in the WP-PostRatings plugin's code that could be exploited by attackers to execute arbitrary code on websites that are using this plugin. The vulnerability had been present in the plugin's code since at least November 22nd, 2018. This issue was fixed on January 29th, 2019, when the updated version of the plugin (1.89) was released.

What plugins are vulnerable?

This vulnerability affects the following plugins:
* WP-PostRatings
* WP-PostRatings Comments

Using WordPress Post Ratings? Update Now!

If you use the WP-PostRatings plugin, you should update it immediately. If your website is using WP-PostRatings and uses a custom theme, make sure to update your theme as well.

On the other hand, if your site is not running WordPress version 4.9 or later, we recommend that you do not disable the comments plugin at this time. Disabling the plugin will prevent your site from being compromised because of this issue.

If you still want to disable comments on your site, head over to Settings -> Discussion -> Disable Comments.

Timeline

Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/10/2022 03:49:00 UTC