CVE-2021-24150

🗓️ 05 Apr 2021 18:27:42Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 57 Views🌐 WEB

LikeBtn WordPress plugin v2.6.32 Unauthenticated SSRF vulnerabilit

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress Like Button Rating 代码问题漏洞	5 Apr 202100:00	–	cnnvd
Cvelist	CVE-2021-24150 Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF	5 Apr 202118:27	–	cvelist
Nuclei	WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery	7 Jun 202603:02	–	nuclei
NVD	CVE-2021-24150	5 Apr 202119:15	–	nvd
OSV	CVE-2021-24150	5 Apr 202119:15	–	osv
Prion	Server side request forgery (ssrf)	5 Apr 202119:15	–	prion
RedhatCVE	CVE-2021-24150	22 May 202519:20	–	redhatcve
wpexploit	Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF	6 Feb 202100:00	–	wpexploit
WPVulnDB	Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF	6 Feb 202100:00	–	wpvulndb

NVD

Vulners

Node

likebtn-like-button_project likebtn-like-buttonRange<2.6.32wordpress

[
  {
    "product": "Like Button Rating ♥ LikeBtn",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.6.32",
        "status": "affected",
        "version": "2.6.32",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/6bc6023f-a5e7-4665-896c-95afa5b638fb

Parameter	Position	Path	Description	CWE
likebtn_q	query param	wp-admin/admin-ajax.php	Unauthenticated SSRF via likebtn_prx ajax action that proxies requests to user-supplied URL when host contains likebtn.com	CWE-918
action	query param	wp-admin/admin-ajax.php	Unauthenticated SSRF via likebtn_prx ajax action that proxies requests to user-supplied URL when host contains likebtn.com	CWE-918

21 Nov 2024 05:52Current

7.5High risk

Vulners AI Score7.5

CVSS 25

CVSS 3.17.5

EPSS0.46263

CWE-918