Access Control Flaw in WP ULike Plugin Affects WordPress Sites
CVE-2018-1000511
7.5 HIGH
Summary
The WP ULike plugin versions 2.8.1 and 3.1 have a flaw in their AJAX implementation that allows unauthorized users to delete records from specific database tables. This vulnerability is exploited through specially crafted AJAX requests, posing a risk to data integrity. Users are advised to upgrade to version 3.2 or later to mitigate this issue.
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved