2 matches found
CVE-2018-1000511
WP ULike versions 2.8.1 and 3.1 contain an Incorrect Access Control vulnerability in AJAX that allows an attacker to delete arbitrary rows in certain database tables. The issue is exploitable by making an AJAX request; no exploitation status is provided in the sources. The vulnerability appears t...
CVE-2018-1000508
CVE-2018-1000508 affects WordPress WP ULike plugin versions 2.8.1 and 3.1, with a Cross-Site Scripting (XSS) vulnerability in the Settings page. The issue can allow unauthenticated or additional-privilege users to perform administrator-like actions by visiting the logs page. The vulnerability is ...