Strike ID:
E19-7pc01
CVSS:
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
False Positive:
t
Variants:
1
Year:
2019

Description

This strike exploits an authentication bypass on the Wordpress Plugin Like Button. The vulnerability is due to not properly checking if the request is sent by an authorized user. A remote unauthorized attacker can exploit this vulnerability by sending a crafted HTTP POST request to the system. Successful exploitation results in changing the configuration of the plugin setting.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}