CVE-2021-24945
N/A
N/A
Summary
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Like Button Rating ♥ LikeBtn | 2.6.38 < 2.6.38 | affected |
Weaknesses
- CWE-200: CWE-200 Information Exposure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.