2 matches found
CVE-2019-13344
CVE-2019-13344 involves the CRUDLab WordPress plugin “WP Like Button” (versions up to 1.6.0). The root cause is in the contains() function of wp_like_button.php, which fails to verify the current user’s authorization, enabling any unauthenticated user to update plugin settings (e.g., via wp-admin...
CVE-2023-40199
CVE-2023-40199 describes a Cross-Site Request Forgery (CSRF) vulnerability in the CRUDLab WP Like Button plugin for WordPress, affecting versions