CVE-2021-24945

CVE-2021-24945: Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure

Vendor Unknown

Product Like Button Rating ♥ LikeBtn

Weakness CWE-200 · Info exposure

Published December 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24945 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication CVE-2023-47244 WordPress Email Marketing for WooCommerce by Omnisend Plugin <= 1.13.8 is vulnerable to Sensitive Data Exposure CVE-2024-13641 Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2025-23290 CVE-2024-35166 WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability