Title: [Plugin: Vote It Up] Bug
Last modified: August 19, 2016

---

# [Plugin: Vote It Up] Bug

 *  [joshsalverda](https://wordpress.org/support/users/joshsalverda/)
 * (@joshsalverda)
 * [16 years, 8 months ago](https://wordpress.org/support/topic/plugin-vote-it-up-bug/)
 * Hey, there’s a bug in your code that allows someone to vote down a post even 
   if the option isn’t available on the web site. For example, the normal vote code
   looks like:
 * `vote(obj, votelinkobj, aftervote, postID ,userID, baseURL)`
 * and the sink code:
 * `sink(obj, votelinkobj, aftervote, postID ,userID, baseURL)`
 * So now, let’s assume for a moment that I’m a l33t hax0r who wants to sabotage
   someone’s web site… I could inject some JS code (using Firebug’s console) to 
   call some JS functions that I normally can’t call on the web site, which results
   in something like:
 * `sink(null, null, null, postID, 0, baseURL)`
 * which would call the sink() function and decrement the vote count by one. Ok,
   cool, so I have sabotaged the vote count by -1 W00t! But I’m not satisfied… so
   now what to do…
 * `for(var i = 0; i < 100; i++) { sink(null, null, null, postID, 0, baseURL) }`
 * Sweet… I’ve just decremented the vote count by -100.
 * You should probably fix this before a real l33t hax0r finds this and it turns
   into a big problem.
 * [http://wordpress.org/extend/plugins/vote-it-up/](http://wordpress.org/extend/plugins/vote-it-up/)

The topic ‘[Plugin: Vote It Up] Bug’ is closed to new replies.

 * 0 replies
 * 1 participant
 * Last reply from: [joshsalverda](https://wordpress.org/support/users/joshsalverda/)
 * Last activity: [16 years, 8 months ago](https://wordpress.org/support/topic/plugin-vote-it-up-bug/)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics