vulnerability

WordPress Plugin: likebtn-like-button: CVE-2021-24945: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:P/I:P/A:P)	Nov 11, 2021	May 15, 2025	Jun 24, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:P)

Published

Nov 11, 2021

Added

May 15, 2025

Modified

Jun 24, 2025

Description

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.

Solution

likebtn-like-button-plugin-cve-2021-24945

References

URL-https://www.cve.org/CVERecord?id=CVE-2021-24945
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/6a19972e-6ff9-4d18-a327-5cafef96a637?source=api-prod
CVE-2021-24945
https://attackerkb.com/topics/CVE-2021-24945
CWE-200
CWE-352

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today