# Exploit Title: kk Star Ratings < 5.4.6 - Rating Tampering via Race
# Google Dork: inurl:/wp-content/plugins/kk-star-ratings/
# Date: 2023-11-06
# Exploit Author: Mohammad Reza Omrani
# Vendor Homepage:
# Software Link:
# WPScan :
# Version: 5.4.6
# Tested on: Wordpress 6.2.2
# CVE : CVE-2023-4642

# POC:
1- Install and activate kk Star Ratings.
2- Go to the page that displays the star rating.
3- Using Burp and the Turbo Intruder extension, intercept the rating
4- Send the request to Turbo Intruder using Action > Extensions > Turbo
Intruder > Send to turbo intruder.
5- Drop the initial request and turn Intercept off.
6- In the Turbo Intruder window, add "%s" to the end of the connection
header (e.g. "Connection: close %s").
7- Use the code `examples/`.
8- Click "Attack" at the bottom of the window. This will send multiple
requests to the server at the same moment.
9- To see the updated total rates, reload the page you tested.