CVE-2021-24945 — HIGH (8.0)

Q: How severe is CVE-2021-24945?

CVE-2021-24945 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24945?

Check the references section above for vendor advisories and patch information. Affected products include: Likebtn Like Button Rating.

Vulnerability Description

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Likebtn	Like Button Rating	< 2.6.38

Related Weaknesses (CWE)

CWE-200 CWE-352

References

https://wpscan.com/vulnerability/d7618061-a7fa-4da4-9384-be19bc5e8548ExploitThird Party Advisory
https://wpscan.com/vulnerability/d7618061-a7fa-4da4-9384-be19bc5e8548ExploitThird Party Advisory

FAQ

What is CVE-2021-24945?

CVE-2021-24945 is a vulnerability with a CVSS score of 8.0 (HIGH). The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such ...

How severe is CVE-2021-24945?

CVE-2021-24945 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24945?

Check the references section above for vendor advisories and patch information. Affected products include: Likebtn Like Button Rating.