The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and...
6.5CVSS
6.5AI Score
0.001EPSS
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....
9.8CVSS
9.4AI Score
0.004EPSS
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the...
8CVSS
7.6AI Score
0.001EPSS
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery...
7.5CVSS
7.5AI Score
0.019EPSS