CVE-2021-24945

December 16, 2021

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.

Summary:

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.

Reference Links(if available):

  • https://wpscan.com/vulnerability/d7618061-a7fa-4da4-9384-be19bc5e8548

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image

    [INCRANSOM] – Ransomware Victim: Webb Institute

    November 5, 2024
    image

    [RANSOMHUB] – Ransomware Victim: apoyoconsultoria[.]com

    November 5, 2024
    main

    New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers

    November 5, 2024
    image 1

    CVE Alert: CVE-2024-51677

    November 5, 2024
    image 1

    CVE Alert: CVE-2024-45884

    November 5, 2024