Like Button Rating <= 2.5.3 - Cross-Site Request Forgery (CSRF)

Affects Plugin

fixed in version 2.5.4

References

URL https://advisories.dxw.com/advisories/likebtn-set-any-option/
URL https://seclists.org/fulldisclosure/2018/Apr/21

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter Ryan
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 6583
Verified No
WPVDB ID 9064

Timeline

Publicly Published 2017-11-02 (over 2 years ago)
Added 2018-04-12 (about 2 years ago)
Last Updated 2019-11-01 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin