| |
Vulnerability CVE-2021-24945
Published: 2021-12-13
| Description: |
The Like Button Rating ????? LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. |
Type:
CWE-200 (Information Exposure)
CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6/10 |
6.4/10 |
6.8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://wpscan.com/vulnerability/d7618061-a7fa-4da4-9384-be19bc5e8548
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
