CVE-2019-13344

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:crudlab:wp_like_button:*:*:*:*:*:wordpress:*:*

Information

Published : 2019-07-05 09:15

Updated : 2020-08-24 10:37


NVD link : CVE-2019-13344

Mitre link : CVE-2019-13344


JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

crudlab

  • wp_like_button