cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9649,https://securityvulnerability.io/vulnerability/CVE-2024-9649,Unauthenticated attackers can delete engagements via forged requests,"The WP ULike plugin for WordPress contains a Cross-Site Request Forgery vulnerability that affects all versions up to and including 4.7.4. This issue arises from missing or incorrect nonce validation within the wp_ulike_delete_history_api() function. As a result, unauthenticated attackers may exploit this vulnerability to delete user engagements, provided they can deceive an administrator into executing a specific action, such as clicking on a malicious link. It is essential for WordPress site owners using this plugin to take immediate steps to mitigate the risk associated with this vulnerability.",Wordpress,WP Ulike – All-in-one Engagement Toolkit,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-16T02:05:04.166Z,0