
Hung Duong

#47930 of 53,633
5.3 Total CVSS
Vulnerabilities · 1
PT-2023-5744
5.3
2023-08-17
WordPress · Comments Like Dislike · CVE-2023-3244
**Name of the Vulnerable Software and Affected Versions**

Comments Like Dislike plugin for WordPress versions up to, and including, 1.1.9

**Description**

The issue is related to a missing capability check on the `restore settings` function, which can be exploited via an AJAX action. This allows authenticated attackers with minimal permissions to reset the plugin's settings, potentially affecting data integrity. The problem was reported to the WordPress plugin team 30 days prior, but no update has been released yet.

**Recommendations**

For versions up to, and including, 1.1.9, consider disabling the `restore settings` function until a patch is available to prevent unauthorized modification of data. Restrict access to the AJAX action that calls the `restore settings` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.