7 matches found
CVE-2023-45640
CVE-2023-45640 describes a stored XSS vulnerability in the WordPress plugin WP ULike (TechnoWich) – Most Advanced WordPress Marketing Toolkit, affecting versions up to 4.6.8. The issue is exploitable by authenticated users with contributor or higher permissions and results in stored cross-site sc...
CVE-2022-45842
WP ULike Plugin for WordPress (
CVE-2024-6094
CVE-2024-6094 relates to the WP ULike WordPress plugin, pre-4.7.1. The issue is that the plugin does not sanitise and escape certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins), including in multisite environments where unfiltered_html is dis...
CVE-2024-6792
Vulnerability context: CVE-2024-6792 affects the WP ULike WordPress plugin prior to 4.7.2.1. The issue stems from improper sanitization of user display names when rendering on public pages, which is described in Red Hat and Patchstack entries as a subscriber-level stored XSS exposure. Affected so...
CVE-2024-7878
CVE-2024-7878 affects WP ULike WordPress plugin versions prior to 4.7.4. The issue is a failure to sanitise and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (including multisite setups). Red Hat and oth...
CVE-2024-7879
The CVE-2024-7879 entries concern the WP ULike WordPress plugin (versions before 4.7.5) where certain settings are not properly sanitised/escaped. The Red Hat, NVD, and CVE lists describe this as a stored XSS vector that could be triggered by high-privilege users (e.g., editors) even when unfilte...
CVE-2024-12770
CVE-2024-12770 affects the WP ULike WordPress plugin (versions before 4.7.6). An attacker with high privileges (e.g., admin) can trigger a Stored Cross-Site Scripting vulnerability due to unsanitized/escaped settings, even when unfiltered_html is disallowed (e.g., multisite). Impact per provided ...