The WP ULike β Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wp_ulike_counter' and 'wp_ulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied...
8.8CVSS
7.8AI Score
0.001EPSS
The WP ULike β Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
6.1AI Score
0.0004EPSS
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute. This makes it possible for...
6.4CVSS
6.1AI Score
0.001EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike β Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8...
5.4CVSS
6.4AI Score
0.0004EPSS
Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating...
3.7CVSS
4.2AI Score
0.001EPSS