[Plugin: Vote It Up] Guest Exploit (4 posts)

  1. okaysamurai
    Member
    Posted 7 months ago #

    A word of warning: if you select the option to let guests vote, there is an exploit that allows users to vote multiple times. If you click "vote" once, no problem. But if you click "vote" rapidly and repeatedly, it will count every click until it changes to a "voted" state - thus allowing one user to vote multiple times.

    As it stands, you should only use this plugin with required registration.

    A small but critical bug in an otherwise awesome plugin!

  2. preisjaeger
    Member
    Posted 6 months ago #

  3. mightymendis
    Member
    Posted 5 months ago #

    Thanks for this fix, preisjaeger.

    Can you, or someone else, explain how it fixes the exploit, please?

  4. preisjaeger
    Member
    Posted 3 months ago #

    It was just a little copy&paste mistake (the wrong variables were given to GuestVoted()). Take a look in this GuestVote function and you will see that it's not correct using $post_ID and $user_ID for function GuestVoted(). It was also not escaped, so there was perhaps a little security hole... ;)
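
The kind of bug described in the last post, as an added PHP sketch that is not part of the thread and not the plugin's source. The table, the function names and the stand-in "wrong" variables are assumptions, and it needs PDO with the SQLite driver.

```php
<?php
// Hypothetical sketch, not the Vote It Up source. Table, column and
// function names are assumptions for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guest_votes (post_id INTEGER, guest TEXT)');

// Has this guest already voted on this post? Bound parameters keep
// request-supplied values out of the SQL text.
function guest_voted(PDO $db, int $post_id, string $guest): bool {
    $q = $db->prepare('SELECT 1 FROM guest_votes WHERE post_id = ? AND guest = ?');
    $q->execute([$post_id, $guest]);
    return $q->fetchColumn() !== false;
}

function record_vote(PDO $db, int $post_id, string $guest): void {
    $q = $db->prepare('INSERT INTO guest_votes (post_id, guest) VALUES (?, ?)');
    $q->execute([$post_id, $guest]);
}

// "Before": the duplicate check receives variables that do not hold this
// request's post and guest, so it never matches the stored vote.
function guest_vote_buggy(PDO $db, int $post_id, string $guest): bool {
    $wrong_post = 0;   // stand-ins for the mistaken variables
    $wrong_guest = '';
    if (guest_voted($db, $wrong_post, $wrong_guest)) {
        return false;
    }
    record_vote($db, $post_id, $guest);
    return true;
}

// "After": the check uses the same values that get stored.
function guest_vote_fixed(PDO $db, int $post_id, string $guest): bool {
    if (guest_voted($db, $post_id, $guest)) {
        return false;
    }
    record_vote($db, $post_id, $guest);
    return true;
}

// Constructed input: one guest submitting a vote for post 42 five times.
$counted = ['buggy' => 0, 'fixed' => 0];
for ($i = 0; $i < 5; $i++) { $counted['buggy'] += (int) guest_vote_buggy($db, 42, 'guest-a'); }
$db->exec('DELETE FROM guest_votes');
for ($i = 0; $i < 5; $i++) { $counted['fixed'] += (int) guest_vote_fixed($db, 42, 'guest-a'); }
print_r($counted);
```

The corrected check-then-insert is still two separate statements, so a UNIQUE constraint on (post_id, guest) is what holds when requests arrive concurrently.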
