Wp Ulike Security Vulnerabilities and Issues — Wp Ulike CVE List

Lucene search

WpulikeWp Ulike

8 matches found

CVE•added 2024/05/02 5:15 p.m.•61 views

CVE-2024-1797

The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wp_ulike_counter' and 'wp_ulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied paramet...

8.8CVSS7.1AI score0.00372EPSS

CVE•added 2024/05/02 5:15 p.m.•56 views

CVE-2024-1572

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute. This makes it possible for auth...

6.4CVSS5.7AI score0.00167EPSS

CVE•added 2025/01/15 4:15 p.m.•45 views

CVE-2025-22738

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS.This issue affects WP ULike: from n/a through 4.7.6.

5.9CVSS5.8AI score0.00035EPSS

CVE•added 2024/10/16 2:15 a.m.•44 views

CVE-2024-9649

The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for un...

4.3CVSS4.6AI score0.00041EPSS

CVE•added 2024/05/02 5:15 p.m.•42 views

CVE-2024-1759

The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac...

6.4CVSS5.7AI score0.00144EPSS

CVE•added 2024/11/06 6:15 a.m.•37 views

CVE-2024-7879

The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS4.8AI score0.00056EPSS

CVE•added 2024/09/25 6:15 a.m.•35 views

CVE-2024-7878

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.9AI score0.00182EPSS

CVE•added 2024/09/06 6:15 a.m.•34 views

CVE-2024-6792

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.

3.5CVSS3.9AI score0.00079EPSS