An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153541/WordPress-Like-Button-1.6.0-Authentication-Bypass.html | Exploit Third Party Advisory VDB Entry |
https://limbenjamin.com/articles/wp-like-button-auth-bypass.html | Exploit Third Party Advisory |
https://wordpress.org/plugins/wp-like-button/#developers | Release Notes Third Party Advisory |
https://wpvulndb.com/vulnerabilities/9432 | |
http://packetstormsecurity.com/files/153541/WordPress-Like-Button-1.6.0-Authentication-Bypass.html | Exploit Third Party Advisory VDB Entry |
https://limbenjamin.com/articles/wp-like-button-auth-bypass.html | Exploit Third Party Advisory |
https://wordpress.org/plugins/wp-like-button/#developers | Release Notes Third Party Advisory |
https://wpvulndb.com/vulnerabilities/9432 |
Configurations
History
21 Nov 2024, 04:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/153541/WordPress-Like-Button-1.6.0-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://limbenjamin.com/articles/wp-like-button-auth-bypass.html - Exploit, Third Party Advisory | |
References | () https://wordpress.org/plugins/wp-like-button/#developers - Release Notes, Third Party Advisory | |
References | () https://wpvulndb.com/vulnerabilities/9432 - |
Information
Published : 2019-07-05 16:15
Updated : 2024-11-21 04:24
NVD link : CVE-2019-13344
Mitre link : CVE-2019-13344
CVE.ORG link : CVE-2019-13344
JSON object : View
Products Affected
crudlab
- wp_like_button
CWE
CWE-306
Missing Authentication for Critical Function