82 matches found
WordPress Like Button Rating plugin <= 2.6.37 - Unauthorized Vote Export to Email & IP Addresses Disclosure vulnerability
Unauthorized Vote Export to Email & IP Addresses Disclosure vulnerability discovered by Krzysztof Zając in WordPress Like Button Rating plugin versions = 2.6.37. Solution Update the WordPress Like Button Rating plugin to the latest available version at least 2.6.38...
WordPress Like Button Rating 代码问题漏洞
WordPress Like Button Rating is a WordPress open source application. Fully customizable "Cool" button to add "Like" button. A security vulnerability exists in WordPress Like Button Rating 2.6.32, which stems from vulnerability to unauthenticated full-read server-side request forgery SSRF attacks...
WordPress WP Like Button plugin <= 1.6.0 - Auth Bypass vulnerability
Auth Bypass vulnerability found by Benjamin Lim in WordPress WP Like Button plugin versions = 1.6.0. Solution 10 July 2019 - we were unable to find a patched version of the plugin...
WordPress CRUDLab WP Like Button Plugin Authentication Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.CRUDLab WP Like Button plugin is used in one of the plugin for adding buttons on the page. A plugin authentication bypass vulnerability...
WordPress Like Button 1.6.0 Authentication Bypass
Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...
WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Like Button 1.6.0 - Auth Bypass Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service...
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
WordPress Plugin Like Button 1.6.0 - Authentication Bypass Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1...
CVE-2019-13344
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...
CVE-2019-13344
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...
Authentication flaw
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...
CVE-2019-13344
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...
CVE-2019-13344
CVE-2019-13344 involves the CRUDLab WordPress plugin “WP Like Button” (versions up to 1.6.0). The root cause is in the contains() function of wp_like_button.php, which fails to verify the current user’s authorization, enabling any unauthenticated user to update plugin settings (e.g., via wp-admin...
WP Like Button <= 1.6.0 - Auth Bypass
Authentication Bypass vulnerability in the WP Like Button Free plugin version 1.6.0 allows unauthenticated attackers to change the settings of the plugin. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any unauthenticate...
Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change
In the init action, this plugin checked to see if $POST'likebtnimportconfig' is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. The below form will set the “Site...
Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change
In the init action, this plugin checked to see if $POST'likebtnimportconfig' is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. PoC The below form will set the...
Drupal Facebook Like Button Module DRUPAL-SA-CONTRIB-2017-066 Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Facebook Like Button module DRUPAL-SA-CONTRIB-2017-066 due to the program failing to properly filter user-supplie...
Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066
This module provides a Facebook Like button on node pages and blocks. The module does not sufficiently sanitize output when configured to use custom css rules. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer fblikebutton". CVE...
WordPress Twitter 2.37 Cross Site Scripting
Effected Version : 2.36 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : In the following fields put the payload as below...
WordPress Facebook Like Button 2.32 Cross Site Scripting
Plugin Name : Facebook Like Button Effected Version : 2.32 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : The following field put the paylo...