Lucene search
PRIOn knowledge basePRION:CVE-2019-13344HistoryJul 05, 2019 - 4:15 p.m.
Authentication flaw
2019-07-0516:15:00
PRIOn knowledge base
www.prio-n.com
2
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp_like_button | le | 1.6.0 |
Related
exploitpack
exploitpack
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
2019-07-08 00:00:00
cvelist
cvelist
CVE-2019-13344
2019-07-05 15:33:45
cve
cve
CVE-2019-13344
2019-07-05 16:15:11
zdt
zdt
WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability
2019-07-08 00:00:00
patchstack
patchstack
WordPress WP Like Button plugin <= 1.6.0 - Auth Bypass vulnerability
2019-07-10 00:00:00
packetstorm
packetstorm
WordPress Like Button 1.6.0 Authentication Bypass
2019-07-08 00:00:00
wpvulndb
wpvulndb
WP Like Button <= 1.6.0 - Auth Bypass
2019-07-05 00:00:00
nvd
nvd
CVE-2019-13344
2019-07-05 16:15:11
checkpoint_advisories
checkpoint_advisories
Wordpress Like Button Plugin Authentication Bypass (CVE-2019-13344)
2022-11-14 00:00:00
exploitdb
exploitdb
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
2019-07-08 00:00:00