cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7879,https://securityvulnerability.io/vulnerability/CVE-2024-7879,Unfiltered HTML Settings Vulnerability in WP ULike Plugin Allows Cross-Site Scripting,"The WP ULike WordPress plugin versions before 4.7.5 contains a vulnerability stemming from inadequate sanitization and escaping of certain settings. This weakness could enable users with high-level privileges, such as editors, to carry out Cross-Site Scripting attacks even in environments where the option to use unfiltered HTML is disabled. This XSS flaw poses a significant security risk, as it may allow the execution of malicious scripts, potentially compromising site security and user data.",Wordpress,WP Ulike,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-11-06T06:00:05.843Z,0
CVE-2024-9649,https://securityvulnerability.io/vulnerability/CVE-2024-9649,Unauthenticated attackers can delete engagements via forged requests,"The WP ULike plugin for WordPress contains a Cross-Site Request Forgery vulnerability that affects all versions up to and including 4.7.4. This issue arises from missing or incorrect nonce validation within the wp_ulike_delete_history_api() function. As a result, unauthenticated attackers may exploit this vulnerability to delete user engagements, provided they can deceive an administrator into executing a specific action, such as clicking on a malicious link. It is essential for WordPress site owners using this plugin to take immediate steps to mitigate the risk associated with this vulnerability.",Wordpress,WP Ulike – All-in-one Engagement Toolkit,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-16T02:05:04.166Z,0
CVE-2024-7878,https://securityvulnerability.io/vulnerability/CVE-2024-7878,Unfiltered HTML Settings in WP ULike Plugin Lead to Stored Cross-Site Scripting Attacks,"The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,WP Ulike,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-25T06:15:00.000Z,0
CVE-2024-6792,https://securityvulnerability.io/vulnerability/CVE-2024-6792,Plugin Sanitization Vulnerability Affects User Display Names,"The WP ULike WordPress plugin suffers from an improper sanitization vulnerability that affects how user display names are rendered on public pages. Without proper validation, attackers may exploit this flaw to inject malicious data, potentially compromising user accounts and site integrity. Addressing this issue is crucial for maintaining the security and trustworthiness of WordPress websites.",Wordpress,WP Ulike,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-09-06T06:00:02.050Z,0
CVE-2024-6094,https://securityvulnerability.io/vulnerability/CVE-2024-6094,Saint Cross-Site Scripting attacks possible through unfiltered_html capability,"The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,WP Ulike,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-07-24T06:00:02.906Z,0
CVE-2024-1759,https://securityvulnerability.io/vulnerability/CVE-2024-1759,Stored Cross-Site Scripting Vulnerability in WP ULike Marketing Toolkit Plugin,"The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WP Ulike – Most Advanced WordPress Marketing Toolkit,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:44.047Z,0
CVE-2024-1797,https://securityvulnerability.io/vulnerability/CVE-2024-1797,SQL Injection Vulnerability in WP ULike Marketing Toolkit Plugin,"The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is susceptible to SQL Injection vulnerabilities through the 'status' and 'id' parameters in the 'wp_ulike_counter' and 'wp_ulike' shortcodes. This vulnerability affects all versions up to and including 4.6.9, stemming from inadequate parameter escaping and poor SQL query preparation. Consequently, authenticated users with contributor-level access can inject arbitrary SQL queries into existing queries, potentially leading to the extraction of sensitive information from the database.",Wordpress,WP Ulike – Most Advanced WordPress Marketing Toolkit,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:42.452Z,0
CVE-2024-1572,https://securityvulnerability.io/vulnerability/CVE-2024-1572,Stored Cross-Site Scripting Vulnerability in WP ULike by WordPress,"The WP ULike plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level access and above to exploit the 'wp_ulike' shortcode. Insufficient input sanitization and output escaping on the 'wrapper_class' attribute make it possible for attackers to inject malicious web scripts. These scripts can execute when a user visits an affected page, enabling various forms of attacks such as data theft and session hijacking.",Wordpress,WP Ulike – Most Advanced WordPress Marketing Toolkit,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:04.349Z,0
CVE-2023-45640,https://securityvulnerability.io/vulnerability/CVE-2023-45640,WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS),Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions.,Wordpress,WP ULike – Most Advanced WordPress Marketing Toolkit,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-10-25T18:17:00.000Z,0
CVE-2022-45842,https://securityvulnerability.io/vulnerability/CVE-2022-45842,WordPress WP ULike Plugin <= 4.6.4 is vulnerable to Race Condition vulnerability,Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.,Wordpress,WP Ulike (WordPress Plugin),3.7,LOW,0.0005699999746866524,false,,false,false,false,,false,false,2022-11-30T12:37:58.845Z,0