http://wordpress.org/support/ WordPress › Support Topic: [Plugin: Vote It Up] Guest Exploit en Tue, 24 Nov 2009 03:14:04 +0000 http://wordpress.org/support/topic/264865#post-1166610 Fri, 07 Aug 2009 12:54:54 +0000 preisjaeger 1166610@http://wordpress.org/support/ <p>it was just a little copy&amp;paste mistake (the wrong variables were given to GuestVoted() ). take a look in this GuestVote-function and you will see, that it's not correct using $post_ID and $user_ID for function GuestVoted(). It was also not escaped, so there was perhabs a little sercurity hole... ;) </p> http://wordpress.org/support/topic/264865#post-1098875 Thu, 11 Jun 2009 16:22:10 +0000 mightymendis 1098875@http://wordpress.org/support/ <p>Thanks for this fix, preisjaeger.</p> <p>Can you, or someone else, explain how it fixes the exploit, please? </p> http://wordpress.org/support/topic/264865#post-1083516 Tue, 26 May 2009 09:07:29 +0000 preisjaeger 1083516@http://wordpress.org/support/ <p>Here is my bugfix to this issue (with your description): <a href="http://www.preisjaeger.at/news/bugfix-in-wp-plugin-vote-it-up-multiple-voting-for-guests/" rel="nofollow">http://www.preisjaeger.at/news/bugfix-in-wp-plugin-vote-it-up-multiple-voting-for-guests/</a> </p> http://wordpress.org/support/topic/264865#post-1054985 Fri, 24 Apr 2009 05:23:38 +0000 okaysamurai 1054985@http://wordpress.org/support/ <p>A word of warning: if you select the option to let guests vote, there is an exploit that allows users to vote multiple times. If you click "vote" once, no problem. But if you click "vote" rapidly and repeatedly, it will count every click until it changes to a "voted" state - thus allowing one user to vote multiple times.</p> <p>As it stands, you should only use this plugin with required registration.</p> <p>A small but critical bug in an otherwise awesome plugin! </p>