3 matches found
CVE-2022-0745
CVE-2022-0745 affects the WordPress plugin “Like Button Rating” (LikeBtn). Connected documents confirm that versions prior to 2.6.45 allow any logged-in user (e.g., a subscriber) to send arbitrary emails to any recipient with arbitrary subject and body, via the plugin’s exposed functionality (e.g...
CVE-2024-44064
CVE-2024-44064 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin LikeBtn – Like Button Rating that also allows Cross-Site Scripting (XSS). It affects versions up to and including 2.6.54. The connected sources consistently describe the issue as CSRF with an XSS outcome ...
CVE-2021-24945
The WordPress Like Button Rating LikeBtn plugin (versions before 2.6.38) has an authorization/CSRF weakness in the likebtn_export_votes AJAX action. This flaw allows any authenticated user (e.g., a subscriber) to retrieve a list of emails and IP addresses of users who liked content. Root cause: l...