Description
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.6.38 (exclusive)
cpe:2.3:a:likebtn:like_button_rating:*:*:*:*:*:wordpress:*:*
EPSS: 0.00141 (Low), percentile: 35%
CVSS3: 8 High
CVSS2: 6 Medium
Weaknesses
CWE-200
CWE-352
Related vulnerabilities
CVSS3: 8
github
about 4 years ago
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.