WordPress Plugin Vulnerabilities
WP Like Button < 1.6.4 - Auth Bypass
Description
An authentication bypass vulnerability in the WP Like Button (Free) plugin
version 1.6.0 allows unauthenticated attackers to change the settings of
the plugin. The contains() function in wp_like_button.php did not check
whether the current request was made by an authorized user, so any
unauthenticated user could successfully update the settings of the plugin.
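A review heuristic for this bug class, added here as an example and not taken from the plugin or this advisory: it flags PHP functions that write settings without any capability or nonce check. It assumes settings are saved through the WordPress options API; the sample handlers and the `example_*` names are constructed for illustration.

```python
import re

# Real WordPress calls that gate a request on the caller's capability or nonce.
GUARDS = ("current_user_can", "check_admin_referer", "check_ajax_referer", "wp_verify_nonce")
# Assumption: the plugin persists its settings through the options API.
WRITERS = ("update_option", "add_option", "delete_option")
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\([^)]*\)\s*\{")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)  # heuristic: ignores string contents

def function_bodies(php_source):
    """Yield (name, body) per named PHP function, using brace matching."""
    src = COMMENT_RE.sub("", php_source)  # a commented-out guard must not count
    for match in FUNC_RE.finditer(src):
        depth, pos = 1, match.end()
        while pos < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[pos], 0)
            pos += 1
        yield match.group(1), src[match.end():pos - 1]

def calls(body, names):
    return any(re.search(r"\b" + re.escape(n) + r"\s*\(", body) for n in names)

def unguarded_setting_writers(php_source):
    """Return names of functions that write options but never call a guard."""
    return [name for name, body in function_bodies(php_source)
            if calls(body, WRITERS) and not calls(body, GUARDS)]

# Constructed sample: one handler missing the check, one with it, one read-only.
SAMPLE = r'''
<?php
function example_save_settings() {            // hypothetical handler
    if (isset($_POST['example_style'])) {
        update_option('example_style', $_POST['example_style']);
    }
}
function example_save_settings_fixed() {
    if (!current_user_can('manage_options')) { wp_die('Forbidden'); }
    check_admin_referer('example_save');
    update_option('example_style', sanitize_text_field($_POST['example_style']));
}
function example_render() { return get_option('example_style'); }
'''

if __name__ == "__main__":
    print(unguarded_setting_writers(SAMPLE))
```

A hit is a lead for manual review rather than a confirmed finding, since the check may live in a caller or in the hook registration.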
Affects Plugins
References
Classification
Type
AUTHBYPASS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Benjamin Lim
Submitter
Benjamin Lim
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2019-07-05 (about 4 years ago)
Added
2019-07-09 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)