Race Condition Vulnerabilities in WordPress Plug-ins

Cited by: 0
Authors
Miyachi, Rin [1]
Nagashima, Konan [1]
Saito, Taiichi [1]
Affiliation
[1] Tokyo Denki Univ, Senju Asahicho, Adachiku 1208551, Japan
Keywords
Race Condition; TOCTOU; WordPress; Web Security;
DOI
10.1007/978-981-97-7737-2_10
Chinese Library Classification
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
WordPress is the world's most popular content management system, developed as an open-source software with many plugins. However, since these plugins are developed and released by anyone, they may have security problems. Web applications need to be designed and developed in consideration of possible race conditions that may occur when multiple processes access shared resources at the same time, but race conditions aren't paid much attention by developers and may result in vulnerability. This vulnerability is known to cause problems such as unauthorized data access, database inconsistency, and file content corruption by an attacker who intentionally creates a race condition. It is also considered that this vulnerability is not as well-known as XSS and SQLi. In this paper, we investigate the race condition vulnerabilities in WordPress plugins. Based on the results of this survey, we discuss the trends and causes of these vulnerabilities, as well as countermeasures for them.
Pages: 179-194
Page count: 16