CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40199 – WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40199
11 Aug 2023 — Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CRUDLab WP Like Button en versiones <= 1.7.0. The WP Like Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the 'saveData' function. This makes it possible for unauthenticated attackers to save button options via a forg... • https://patchstack.com/database/vulnerability/wp-like-button/wordpress-wp-like-button-plugin-1-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 32%CPEs: 1EXPL: 3CVE-2019-13344 – WP Like Button <= 1.6.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2019-13344
05 Jul 2019 — An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter. Una vulnerabilidad de omisión de autenticación en el plugin ... • https://www.exploit-db.com/exploits/47078 • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •