Multiple Vulnerabilities in WordPress WP ULike 2.8.1 / 3.1
- Date Published:2018-05-17
- Last Updated:2018-05-17
- Version Affected: ULike 2.8.1 / 3.1
WordPress is a blogging platform written in PHP; users can set up their own websites on any server that supports PHP and a MySQL database. It started as a personal blog system and gradually evolved into a general content management system.
WordPress WP ULike 2.8.1 / 3.1 Arbitrary Data Deletion
The plugin ULIKE registers a wp_ajax action which allows any authenticated user (it doesn't check permissions) to delete any row of almost any table in the database (the table name must begin with $wpdb->prefix). As nonces are not used, the action is also vulnerable to CSRF, meaning unauthenticated users can reach it if they can successfully phish any user of the site.
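As an added illustration (not the plugin's own code), the following wp_ajax handler applies the three controls the description above says are missing: a nonce against CSRF, a capability check instead of trusting mere authentication, and a fixed allow-list of tables so the table name never comes from the client. The action name, request parameters, script handle and table names are hypothetical; the WordPress APIs used (add_action, check_ajax_referer, current_user_can, wp_send_json_error, $wpdb->delete, wp_create_nonce, wp_localize_script) are real and assume WordPress is loaded.

```php
<?php
// Added example, not the plugin's code. Action name, parameter names, the
// script handle and the table allow-list are hypothetical; assumes this file
// is part of a loaded WordPress plugin.

add_action( 'wp_ajax_example_delete_row', 'example_delete_row_handler' );
// Deliberately no matching 'wp_ajax_nopriv_' hook: anonymous requests never
// reach the handler at all.

function example_delete_row_handler() {
    global $wpdb;

    // 1. CSRF: require a nonce tied to this specific action. check_ajax_referer()
    //    dies with HTTP 403 when the nonce is missing or invalid.
    check_ajax_referer( 'example_delete_row', 'nonce' );

    // 2. Authorization: being logged in is not enough; require a capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Table allow-list: never assemble a table name from client input,
    //    even one that happens to start with $wpdb->prefix.
    $allowed = array(
        'likes' => $wpdb->prefix . 'example_likes',
    );
    $key = isset( $_POST['table'] ) ? sanitize_key( wp_unslash( $_POST['table'] ) ) : '';
    if ( ! isset( $allowed[ $key ] ) ) {
        wp_send_json_error( 'unknown table', 400 );
    }

    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // $wpdb->delete() builds a prepared statement from the where array, so the
    // row id is bound as an integer rather than interpolated.
    $deleted = $wpdb->delete( $allowed[ $key ], array( 'id' => $id ), array( '%d' ) );
    if ( false === $deleted ) {
        wp_send_json_error( 'database error', 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}

// The nonce the client must send back is minted server-side and handed to the
// admin script (handle 'example-admin', assumed to be registered elsewhere).
function example_localize_nonce() {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'nonce' => wp_create_nonce( 'example_delete_row' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_localize_nonce' );
```

When reviewing a plugin for this class of bug, the checks to look for are exactly these three: every wp_ajax_ callback that mutates state should call check_ajax_referer() (or verify a nonce some other way), gate on current_user_can() rather than on is_user_logged_in(), and pass only server-chosen table names to $wpdb.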
WordPress WP ULike 2.8.1 / 3.1 Cross Site Scripting
The plugin's default configuration (after pressing "Save Changes" on the settings page) allows unauthenticated users to "like" posts. It fetches the user's IP like this:
This will be incorrect in many situations: the header may contain an IP address, or it may contain an arbitrary string supplied by the client. The value is stored in the database and then displayed to the admin without being escaped.
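The two defensive steps implied above, only trusting a forwarded-IP header when it was set by a known proxy and validating it as an address before storage, and escaping the stored value on output, are shown in this added plain-PHP example (not the plugin's code). It runs from the CLI; the request arrays and proxy address are constructed samples, and in a WordPress context esc_html() would replace the htmlspecialchars() call.

```php
<?php
// Added example, not the plugin's code. Pure PHP so it runs from the CLI;
// the $server arrays and proxy list below are constructed sample data.

/**
 * Return the client IP, or null if no trustworthy address can be determined.
 * X-Forwarded-For is honoured only when the direct peer (REMOTE_ADDR) is a
 * known reverse proxy; a client connecting directly can put anything there.
 */
function determine_client_ip( array $server, array $trusted_proxies ) : ?string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if ( filter_var( $remote, FILTER_VALIDATE_IP ) === false ) {
        return null;
    }
    if ( ! in_array( $remote, $trusted_proxies, true ) ) {
        return $remote; // direct connection: ignore any forwarded header
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // Walk from the right: the rightmost hops were appended by our own proxies.
    $hops = array_reverse( array_map( 'trim', explode( ',', $xff ) ) );
    foreach ( $hops as $hop ) {
        if ( filter_var( $hop, FILTER_VALIDATE_IP ) === false ) {
            return null; // malformed hop: refuse to store it rather than guess
        }
        if ( ! in_array( $hop, $trusted_proxies, true ) ) {
            return $hop;
        }
    }
    return $remote;
}

/** Escape whatever was stored before rendering it inside admin HTML. */
function render_ip_cell( ?string $ip ) : string {
    $text = $ip ?? 'unknown';
    return '<td>' . htmlspecialchars( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' ) . '</td>';
}

$proxies = array( '10.0.0.2' ); // constructed: address of our reverse proxy

// Sample 1: request arrived via the trusted proxy with a normal header.
$r1 = array( 'REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.2' );
// Sample 2: header carries markup instead of an address; validation rejects it.
$r2 = array( 'REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED_FOR' => '<b>not an address</b>' );
// Sample 3: direct connection that forges the header; the header is ignored.
$r3 = array( 'REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7' );

foreach ( array( $r1, $r2, $r3 ) as $req ) {
    $ip = determine_client_ip( $req, $proxies );
    echo render_ip_cell( $ip ), PHP_EOL;
}
// Output:
// <td>203.0.113.7</td>
// <td>unknown</td>
// <td>198.51.100.9</td>
```

Validation on input and escaping on output are independent layers: the FILTER_VALIDATE_IP check keeps junk out of the database, and the escaping in render_ip_cell() protects the admin page even for rows written before the validation existed.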
1. At present, the vendor has not provided a patch or an upgrade procedure. We recommend that users of this software keep an eye on the vendor's homepage to obtain the latest version: