{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T23:23:04Z","timestamp":1742944984980,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":26,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819777365"},{"type":"electronic","value":"9789819777372"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-7737-2_10","type":"book-chapter","created":{"date-parts":[[2024,9,13]],"date-time":"2024-09-13T10:03:10Z","timestamp":1726221790000},"page":"179-194","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Race Condition Vulnerabilities in WordPress Plug-ins"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-8683-7422","authenticated-orcid":false,"given":"Rin","family":"Miyachi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konan","family":"Nagashima","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Taiichi","family":"Saito","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,9,13]]},"reference":[{"key":"10_CR1","unstructured":"Wordpress.org. https:\/\/wordpress.org"},{"key":"10_CR2","unstructured":"2022 CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2022\/2022_cwe_top25.html"},{"key":"10_CR3","unstructured":"2023 CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_top25_list.html"},{"key":"10_CR4","unstructured":"Race conditions | Web Security Academy. https:\/\/portswigger.net\/web-security\/race-conditions"},{"key":"10_CR5","unstructured":"Vulnerability assessment methodology documents that are too detailed but should be communicated (in Japanese). https:\/\/webapppentestguidelines.github.io\/newtechtestdoc\/docs\/toctou\/"},{"key":"10_CR6","unstructured":"OWASP TimeGap Theory. https:\/\/timegaptheory.com\/"},{"key":"10_CR7","unstructured":"Wget Vulnerability Conflict Condition (in Japanese). https:\/\/timegaptheory.com\/"},{"key":"10_CR8","unstructured":"CVE-2016-7098 Detail \u2013 NVD. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-7098"},{"key":"10_CR9","unstructured":"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u2018Race Condition\u2019). https:\/\/cwe.mitre.org\/data\/definitions\/362.html"},{"key":"10_CR10","doi-asserted-by":"publisher","unstructured":"Paleari, R., Marrone, D., Bruschi, D., Monga, M.: On race vulnerabilities in web applications. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 126\u2013142. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-70542-0_7","DOI":"10.1007\/978-3-540-70542-0_7"},{"key":"10_CR11","unstructured":"Race Condition Exploit in Starbucks Gift Cards. https:\/\/www.schneier.com\/blog\/archives\/2015\/05\/race_condition_.html"},{"key":"10_CR12","unstructured":"Accommodation reservation system disrupted Travel support spikes access to the system (in Japanese). http:\/\/www.nikkei.com\/article\/DGXZQOUC13CHJ0T11C22A0000000"},{"key":"10_CR13","unstructured":"CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition. https:\/\/cwe.mitre.org\/data\/definitions\/367.html"},{"key":"10_CR14","unstructured":"TOCTOU\/Race condition | WebApp Testing. https:\/\/webapppentestguidelines.github.io\/newtechtestdoc\/docs\/toctou\/"},{"key":"10_CR15","unstructured":"Turbo Intruder. https:\/\/portswigger.net\/bappstore\/9abaa233088242e8be252cd4ff534988"},{"key":"10_CR16","unstructured":"get_user_meta() \u2013 Function - WordPress Developer Resources\/. https:\/\/developer.wordpress.org\/reference\/functions\/get_user_meta\/"},{"key":"10_CR17","unstructured":"update_user_meta() \u2013 Function. https:\/\/developer.wordpress.org\/reference\/functions\/update_user_meta\/"},{"key":"10_CR18","unstructured":"wpdb \u2013 Class - WordPress Developer Resources. https:\/\/developer.wordpress.org\/reference\/classes\/wpdb\/"},{"key":"10_CR19","unstructured":"7.2.2 autocommit, Commit, and Rollback. https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/innodb-autocommit-commit-rollback.html"},{"key":"10_CR20","unstructured":"flock \u2013 Manual. https:\/\/www.php.net\/manual\/en\/function.flock.php"},{"key":"10_CR21","unstructured":"wp_cache_get() \u2013 Function - WordPress Developer Resources. https:\/\/developer.wordpress.org\/reference\/functions\/wp_cache_get\/"},{"key":"10_CR22","unstructured":"Smashing the state machine: the true potential of web race conditions. https:\/\/portswigger.net\/research\/smashing-the-state-machine"},{"key":"10_CR23","doi-asserted-by":"publisher","unstructured":"Qiu, Z., Shao, S., Zhao, Q., Jin, G.: Understanding and detecting server-side request races in web applications. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 842\u2013854 (2021). https:\/\/doi.org\/10.1145\/3468264.3468594","DOI":"10.1145\/3468264.3468594"},{"key":"10_CR24","unstructured":"Patchstack: Fastest protection for WordPress security vulnerabilities. https:\/\/patchstack.com\/"},{"key":"10_CR25","unstructured":"Wordfence: WordPress Security Plugin. https:\/\/www.wordfence.com\/"},{"key":"10_CR26","unstructured":"YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation. https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/yop-poll\/yop-poll-6526-race-condition-to-vote-manipulation"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-7737-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,13]],"date-time":"2024-09-13T10:04:22Z","timestamp":1726221862000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-7737-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819777365","9789819777372"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-7737-2_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"13 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IWSEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kyoto","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iwsec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iwsec.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}