2 matches found
CVE-2024-9649 WP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion
The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wpulikedeletehistoryapi function. This makes it possible for...
WordPress WP ULike Plugin <= 4.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP ULike Type Plugin Vulnerable versions = 4.7.4 Fixed in 4.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-9649 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 736f4ce4b9c2 Credits Bilal Chawich Duke Required...