Title: [Plugin: Vote It Up] Guest Exploit
Last modified: August 19, 2016

---

# [Plugin: Vote It Up] Guest Exploit

 *  [okaysamurai](https://wordpress.org/support/users/okaysamurai/)
 * (@okaysamurai)
 * [17 years ago](https://wordpress.org/support/topic/plugin-vote-it-up-guest-exploit/)
 * A word of warning: if you select the option to let guests vote, there is an exploit
   that allows users to vote multiple times. If you click “vote” once, no problem.
   But if you click “vote” rapidly and repeatedly, it will count every click until
   it changes to a “voted” state – thus allowing one user to vote multiple times.
 * As it stands, you should only use this plugin with required registration.
 * A small but critical bug in an otherwise awesome plugin!

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [preisjaeger](https://wordpress.org/support/users/preisjaeger/)
 * (@preisjaeger)
 * [16 years, 11 months ago](https://wordpress.org/support/topic/plugin-vote-it-up-guest-exploit/#post-1059516)
 * Here is my bugfix to this issue (with your description): [http://www.preisjaeger.at/news/bugfix-in-wp-plugin-vote-it-up-multiple-voting-for-guests/](http://www.preisjaeger.at/news/bugfix-in-wp-plugin-vote-it-up-multiple-voting-for-guests/)
 *  [mightymendis](https://wordpress.org/support/users/mightymendis/)
 * (@mightymendis)
 * [16 years, 11 months ago](https://wordpress.org/support/topic/plugin-vote-it-up-guest-exploit/#post-1059523)
 * Thanks for this fix, preisjaeger.
 * Can you, or someone else, explain how it fixes the exploit, please?
 *  [preisjaeger](https://wordpress.org/support/users/preisjaeger/)
 * (@preisjaeger)
 * [16 years, 9 months ago](https://wordpress.org/support/topic/plugin-vote-it-up-guest-exploit/#post-1059532)
 * it was just a little copy&paste mistake (the wrong variables were given to GuestVoted()).
   take a look in this GuestVote-function and you will see, that it’s not correct
   using $post_ID and $user_ID for function GuestVoted(). It was also not escaped,
   so there was perhabs a little sercurity hole… 😉

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘[Plugin: Vote It Up] Guest Exploit’ is closed to new replies.

 * 3 replies
 * 3 participants
 * Last reply from: [preisjaeger](https://wordpress.org/support/users/preisjaeger/)
 * Last activity: [16 years, 9 months ago](https://wordpress.org/support/topic/plugin-vote-it-up-guest-exploit/#post-1059532)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics