WordPress Plugin Vulnerabilities

WP Like Button <= 1.7.0 - Button Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its Button settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
wp-like-button
No known fix

References

CVE
CVE-2023-40199

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
6ba14d77-8a1b-44b0-8a86-9d3e11bd8bf0

Timeline

Publicly Published
2023-08-11 (about 2 years ago)
Added
2023-10-11 (about 2 years ago)
Last Updated
2023-10-11 (about 2 years ago)

Other

Published
Title
Published
2025-05-19
Title
Falang multilanguage < 1.3.62 - Cross-Site Request Forgery
Published
2023-06-02
Title
Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS
Published
2017-04-06
Title
Twitter Cards Meta < 2.5.0 - CSRF and XSS
Published
2023-02-07
Title
Slider by Supsystic < 1.8.7 - CSRF
Published
2023-11-21
Title
UserPro < 5.1.2 - Cross-Site Request Forgery via multiple functions