Lucene search
K

82 matches found

Patchstack
Patchstack
added 2021/11/11 12:0 a.m.20 views

WordPress Like Button Rating plugin <= 2.6.37 - Unauthorized Vote Export to Email & IP Addresses Disclosure vulnerability

Unauthorized Vote Export to Email & IP Addresses Disclosure vulnerability discovered by Krzysztof Zając in WordPress Like Button Rating plugin versions = 2.6.37. Solution Update the WordPress Like Button Rating plugin to the latest available version at least 2.6.38...

8CVSS2.3AI score0.00557EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/04/05 12:0 a.m.11 views

WordPress Like Button Rating 代码问题漏洞

WordPress Like Button Rating is a WordPress open source application. Fully customizable "Cool" button to add "Like" button. A security vulnerability exists in WordPress Like Button Rating 2.6.32, which stems from vulnerability to unauthenticated full-read server-side request forgery SSRF attacks...

7.5CVSS7.3AI score0.04337EPSS
Exploits1References2
Patchstack
Patchstack
added 2019/07/10 12:0 a.m.16 views

WordPress WP Like Button plugin <= 1.6.0 - Auth Bypass vulnerability

Auth Bypass vulnerability found by Benjamin Lim in WordPress WP Like Button plugin versions = 1.6.0. Solution 10 July 2019 - we were unable to find a patched version of the plugin...

5.3CVSS2.7AI score0.45095EPSS
Exploits5References1Affected Software1
CNVD
CNVD
added 2019/07/09 12:0 a.m.4 views

WordPress CRUDLab WP Like Button Plugin Authentication Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.CRUDLab WP Like Button plugin is used in one of the plugin for adding buttons on the page. A plugin authentication bypass vulnerability...

5.3CVSS7AI score0.45095EPSS
Exploits5References1
Packet Storm
Packet Storm
added 2019/07/08 12:0 a.m.90 views

WordPress Like Button 1.6.0 Authentication Bypass

Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...

5CVSS0.4AI score0.45095EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/07/08 12:0 a.m.387 views

WordPress Plugin Like Button 1.6.0 - Authentication Bypass

Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...

5.3CVSS5.6AI score0.45095EPSS
Exploits5
0day.today
0day.today
added 2019/07/08 12:0 a.m.236 views

WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: WP Like Button 1.6.0 - Auth Bypass Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service...

5.3AI score0.45095EPSS
Exploits5
exploitpack
exploitpack
added 2019/07/08 12:0 a.m.32 views

WordPress Plugin Like Button 1.6.0 - Authentication Bypass

WordPress Plugin Like Button 1.6.0 - Authentication Bypass Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1...

5CVSS0.1AI score0.45095EPSS
Exploits5
OSV
OSV
added 2019/07/05 4:15 p.m.5 views

CVE-2019-13344

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...

5.3CVSS6.1AI score0.45095EPSS
Exploits5References4
NVD
NVD
added 2019/07/05 4:15 p.m.26 views

CVE-2019-13344

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...

5.3CVSS5.6AI score0.45095EPSS
Exploits5References4
Prion
Prion
added 2019/07/05 4:15 p.m.15 views

Authentication flaw

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...

5CVSS5.5AI score0.45095EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2019/07/05 3:33 p.m.27 views

CVE-2019-13344

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any...

5.5AI score0.45095EPSS
Exploits5References4
CVE
CVE
added 2019/07/05 3:33 p.m.332 views

CVE-2019-13344

CVE-2019-13344 involves the CRUDLab WordPress plugin “WP Like Button” (versions up to 1.6.0). The root cause is in the contains() function of wp_like_button.php, which fails to verify the current user’s authorization, enabling any unauthenticated user to update plugin settings (e.g., via wp-admin...

5.3CVSS5.4AI score0.45095EPSS
Exploits5References4Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/05 12:0 a.m.23 views

WP Like Button <= 1.6.0 - Auth Bypass

Authentication Bypass vulnerability in the WP Like Button Free plugin version 1.6.0 allows unauthenticated attackers to change the settings of the plugin. The contains function in wplikebutton.php did not check if the current request is made by an authorized user, thus allowing any unauthenticate...

5CVSS4.9AI score0.45095EPSS
Exploits5References3Affected Software1
wpexploit
wpexploit
added 2017/11/02 12:0 a.m.11 views

Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change

In the init action, this plugin checked to see if $POST'likebtnimportconfig' is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. The below form will set the “Site...

1.3AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2017/11/02 12:0 a.m.11 views

Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change

In the init action, this plugin checked to see if $POST'likebtnimportconfig' is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. PoC The below form will set the...

3.4AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/08/28 12:0 a.m.2 views

Drupal Facebook Like Button Module DRUPAL-SA-CONTRIB-2017-066 Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Facebook Like Button module DRUPAL-SA-CONTRIB-2017-066 due to the program failing to properly filter user-supplie...

6.8AI score
Exploits0References1
Drupal
Drupal
added 2017/08/09 12:0 a.m.17 views

Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066

This module provides a Facebook Like button on node pages and blocks. The module does not sufficiently sanitize output when configured to use custom css rules. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer fblikebutton". CVE...

7AI score
Exploits0References13
Packet Storm
Packet Storm
added 2015/12/17 12:0 a.m.21 views

WordPress Twitter 2.37 Cross Site Scripting

Effected Version : 2.36 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : In the following fields put the payload as below...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/12/17 12:0 a.m.33 views

WordPress Facebook Like Button 2.32 Cross Site Scripting

Plugin Name : Facebook Like Button Effected Version : 2.32 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : The following field put the paylo...

7.4AI score
Exploits0
Rows per page
Query Builder