Lucene search
K
WpulikeWp Ulike

5 matches found

CVE
CVE
added 2024/05/02 4:52 p.m.77 views

CVE-2024-1797

CVE-2024-1797 concerns the WP ULike plugin for WordPress. The initial description states a SQL Injection via the status and id attributes of the wp_ulike_counter and wp_ulike shortcodes, affecting all versions up to 4.6.9, with authenticated attackers (contributor+ level) able to inject extra SQL...

8.8CVSS7.1AI score0.0056EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.76 views

CVE-2024-1572

CVE-2024-1572 affects the WP ULike WordPress plugin. It enables Stored XSS via the plugin’s wp_ulike shortcode due to insufficient input sanitization and output escaping on the wrapper_class attribute, affecting all versions up to and including 4.6.9. An authenticated attacker with contributor-le...

6.4CVSS5.7AI score0.00419EPSS
CVE
CVE
added 2025/01/15 3:23 p.m.63 views

CVE-2025-22738

CVE-2025-22738 is a stored XSS vulnerability in WP ULike (TechnoWich) affecting WP ULike versions up to 4.7.6. The issue is caused by improper input neutralization during web page generation. Public metrics list CVSS v3.1 base score 4.8 (Scope: Changed, N/A, I/L/C/L), with another vector 5.9 from...

5.9CVSS7.2AI score0.0031EPSS
CVE
CVE
added 2024/10/16 2:5 a.m.60 views

CVE-2024-9649

CVE-2024-9649 affects the WordPress plugin WP ULike – The Ultimate Engagement Toolkit (versions up to and including 4.7.4). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in the wp_ulike_delete_history_api() function, enabling unauthenticated...

4.3CVSS4.6AI score0.00207EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.59 views

CVE-2024-1759

CVE-2024-1759: WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name in all versions up to 4.6.9 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (subscriber level or higher) and can allow injecti...

6.4CVSS5.7AI score0.0034EPSS