PT-2026-24577

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp ulike likers box shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of html entity decode on shortcode attributes without subsequent output sanitization, which...

PT-2026-5769

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wp ulike delete history api AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin WP ULike versions = 4.7.6...

WordPress WP ULike plugin <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Richard Telleng stueotue in WordPress Plugin WP ULike versions = 4.6.9...

CVE-2022-45842

Unauth. Race Condition vulnerability in WP ULike Plugin = 4.6.4 on WordPress allows attackers to increase/decrease rating scores...