QwikSec

Security Database

CVE

CWE

Training

CVE-2019-13344

Published: Jul 5, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://limbenjamin.com/articles/wp-like-button-auth-bypass.html

x_refsource_MISC

https://wordpress.org/plugins/wp-like-button/#developers

x_refsource_MISC

http://packetstormsecurity.com/files/153541/WordPress-Like-Button-1.6.0-Authentication-Bypass.html

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9432

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.