CVE-2022-40130: 
WordPress vulnerability analysis and mitigation

CVE-2022-40130 is a Race Condition vulnerability affecting the WP-Polls WordPress plugin versions 2.76.0 and below. The vulnerability was discovered and reported by Nguy Minh Tuan and was disclosed on October 5, 2022. The issue affects WordPress installations using the vulnerable versions of the WP-Polls plugin (Patchstack).

The vulnerability is classified as a Race Condition (CWE-362), which involves concurrent execution using shared resources with improper synchronization. The CVSS v3.1 base score is 4.3 (Medium) according to Patchstack, while NVD rates it at 3.1 (Low) with a vector string of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N. The vulnerability requires subscriber-level privileges to exploit (NVD).

The vulnerability has a low severity impact and is considered unlikely to be exploited. The impact is primarily limited to integrity (I:L), with no direct effect on confidentiality (C:N) or availability (A:N) of the system (Patchstack).

The vulnerability has been fixed in version 2.77.0 of the WP-Polls plugin. Users are advised to update to version 2.77.0 or later to remove the vulnerability. The fix implements mutex lock to prevent race conditions (WordPress).