CVE-2019-13344

Published: 05/07/2019 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin up to and including 1.6.0 for WordPress allows unauthenticated malicious users to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
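The class of flaw described above, as an added example that is not the plugin's own code: a settings handler without an authorization check next to a hardened version. The function names, option names and nonce names are hypothetical; only the each_page_url and code_snippet parameter names come from the summary, and the use of POST and of wp_kses_post() for the snippet are assumptions.

```php
<?php
// Added illustration. Function, option and nonce names are hypothetical and
// are not taken from wp_like_button.php.

// Vulnerable pattern: the handler trusts the request parameters and never
// asks who sent them, so any visitor who can reach it can write settings.
// (Shown for contrast only; it is not registered on any hook here.)
function example_save_settings_vulnerable() {
    if ( isset( $_REQUEST['each_page_url'] ) ) {
        update_option( 'example_like_button_url', $_REQUEST['each_page_url'] );
    }
}

// Hardened pattern: capability check, nonce check, then sanitised writes.
function example_save_settings_hardened() {
    if ( ! isset( $_POST['each_page_url'] ) && ! isset( $_POST['code_snippet'] ) ) {
        return; // not a settings submission
    }

    // 1. Authorization: only users who may manage options can save.
    //    admin_init also fires for logged-out requests to admin-ajax.php,
    //    so the hook alone is not an access control.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.', '',
            array( 'response' => 403 ) );
    }

    // 2. CSRF: the settings form must carry a nonce emitted with
    //    wp_nonce_field( 'example_like_button_save', 'example_nonce' ).
    check_admin_referer( 'example_like_button_save', 'example_nonce' );

    // 3. Sanitise each value for the kind of data it holds.
    if ( isset( $_POST['each_page_url'] ) ) {
        update_option( 'example_like_button_url',
            esc_url_raw( wp_unslash( $_POST['each_page_url'] ) ) );
    }
    if ( isset( $_POST['code_snippet'] ) ) {
        update_option( 'example_like_button_snippet',
            wp_kses_post( wp_unslash( $_POST['code_snippet'] ) ) );
    }
}
add_action( 'admin_init', 'example_save_settings_hardened' );
```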

Vulnerable Product

crudlab wp like button

Exploits

Exploit Title: WP Like Button 1.6.0 - Auth Bypass
Date: 05-Jul-19
Exploit Author: Benjamin Lim
Vendor Homepage: www.crudlab.com
Software Link: wordpress.org/plugins/wp-like-button/
Version: 1.6.0
CVE : CVE-2019-13344

1. Product & Service Introduction: WP Like button allows you to add Facebook like button on your wordpress blog ...