ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Like Button plugin <= 1.6.0 - Auth Bypass vulnerability

Product
WP Like Button
Description
Auth Bypass vulnerability found by Benjamin Lim in WordPress WP Like Button plugin (versions <= 1.6.0).
Solution
10 July 2019 - we were unable to find a patched version of the plugin.
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-2019-13344
Versions
Affected In <= 1.6.0
Disclosure date
2019-07-10
Credits
Benjamin Lim
Submitter
ThreatPress