CVE-2019-13344

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:crudlab:wp_like_button:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2019-07-05 16:15

Updated : 2024-02-28 17:08


NVD link : CVE-2019-13344

Mitre link : CVE-2019-13344

CVE.ORG link : CVE-2019-13344


JSON object : View

Products Affected

crudlab

  • wp_like_button
CWE
CWE-306

Missing Authentication for Critical Function