4 matches found
CVE-2021-24945
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtnexportvotes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog...
CVE-2021-24945
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtnexportvotes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog...
CVE-2021-24945 Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtnexportvotes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog...
CVE-2021-24945
The WordPress Like Button Rating LikeBtn plugin (versions before 2.6.38) has an authorization/CSRF weakness in the likebtn_export_votes AJAX action. This flaw allows any authenticated user (e.g., a subscriber) to retrieve a list of emails and IP addresses of users who liked content. Root cause: l...