QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24945

Published: Dec 13, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.

Vendor	Product	Versions
Unknown	Like Button Rating ♥ LikeBtn	affected `2.6.38 - < 2.6.38`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/d7618061-a7fa-4da4-9384-be19bc5e8548

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.