Wp Ulike Security Vulnerabilities and Issues — Wp Ulike CVE List

Lucene search

WpulikeWp Ulike

3 matches found

CVE•added 2024/10/16 2:15 a.m.•44 views

CVE-2024-9649

The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for un...

4.3CVSS4.6AI score0.00041EPSS

CVE•added 2024/11/06 6:15 a.m.•37 views

CVE-2024-7879

The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS4.8AI score0.00045EPSS

CVE•added 2024/09/25 6:15 a.m.•35 views

CVE-2024-7878

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.9AI score0.00182EPSS