5 matches found
CVE-2024-1797
CVE-2024-1797 concerns the WP ULike plugin for WordPress. The initial description states a SQL Injection via the status and id attributes of the wp_ulike_counter and wp_ulike shortcodes, affecting all versions up to 4.6.9, with authenticated attackers (contributor+ level) able to inject extra SQL...
CVE-2024-1572
CVE-2024-1572 affects the WP ULike WordPress plugin. It enables Stored XSS via the plugin’s wp_ulike shortcode due to insufficient input sanitization and output escaping on the wrapper_class attribute, affecting all versions up to and including 4.6.9. An authenticated attacker with contributor-le...
CVE-2025-22738
CVE-2025-22738 is a stored XSS vulnerability in WP ULike (TechnoWich) affecting WP ULike versions up to 4.7.6. The issue is caused by improper input neutralization during web page generation. Public metrics list CVSS v3.1 base score 4.8 (Scope: Changed, N/A, I/L/C/L), with another vector 5.9 from...
CVE-2024-9649
CVE-2024-9649 affects the WordPress plugin WP ULike – The Ultimate Engagement Toolkit (versions up to and including 4.7.4). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in the wp_ulike_delete_history_api() function, enabling unauthenticated...
CVE-2024-1759
CVE-2024-1759: WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name in all versions up to 4.6.9 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (subscriber level or higher) and can allow injecti...