PT-2023-5744 · WordPress · Comments Like Dislike

Henry1601

Published: 2023-08-17
Updated: 2023-09-14

CVE-2023-3244

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Comments Like Dislike plugin for WordPress, versions up to and including 1.1.9

Description
The issue is related to a missing capability check on the restore settings function, which can be exploited via an AJAX action. This allows authenticated attackers with minimal permissions to reset the plugin's settings, potentially affecting data integrity. The problem was reported to the WordPress plugin team 30 days prior, but no update has been released yet.

Recommendations
For versions up to and including 1.1.9, consider disabling the restore settings function until a patch is available to prevent unauthorized modification of data. Restrict access to the AJAX action that calls the restore settings function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
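The following is an added illustration, not code from the Comments Like Dislike plugin, of the bug class described above and of the two recommendations: an AJAX handler that resets settings without a capability check, the same handler with a nonce and capability check, and a site-level guard a WordPress administrator can drop into a must-use plugin to restrict the action until a fix ships. The function names prefixed `example_`, the option name, and the AJAX action name `example_restore_settings` are all hypothetical; the real plugin's action name is not given on this page.

```php
<?php
/**
 * Added example (not the plugin's own code). All identifiers prefixed
 * "example_" and the action name "example_restore_settings" are hypothetical.
 */

// Default settings written back by the restore function.
function example_default_settings() {
    return array( 'enable_like' => 1, 'enable_dislike' => 1, 'per_page' => 10 );
}

// --- Vulnerable pattern (as described in the advisory) ---
// Hooked on wp_ajax_*, so any authenticated user can call it; nothing checks
// who the caller is before the settings are overwritten.
function example_restore_settings_vulnerable() {
    update_option( 'example_plugin_settings', example_default_settings() );
    wp_send_json_success( 'Settings restored' );
}
// The vulnerable registration would look like this (left unhooked here):
// add_action( 'wp_ajax_example_restore_settings', 'example_restore_settings_vulnerable' );

// --- Fixed pattern: verify intent (nonce) and authority (capability) first ---
function example_restore_settings_fixed() {
    // Rejects the request (wp_die) unless a valid nonce for this action is
    // present in the "nonce" parameter; the nonce is issued to the admin page
    // with wp_create_nonce( 'example_restore_settings' ).
    check_ajax_referer( 'example_restore_settings', 'nonce' );

    // Only users who may manage site options may reset the plugin's options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    update_option( 'example_plugin_settings', example_default_settings() );
    wp_send_json_success( 'Settings restored' );
}
add_action( 'wp_ajax_example_restore_settings', 'example_restore_settings_fixed' );

// --- Interim site-level guard (e.g. wp-content/mu-plugins/guard.php) ---
// Registered on the same AJAX hook with priority 1, so it runs before the
// plugin's own handler (default priority 10) and ends the request for any
// caller who lacks the capability. wp_send_json_error() calls wp_die(), so
// the later handler never executes.
function example_guard_restore_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Action disabled for this role', 403 );
    }
}
add_action( 'wp_ajax_example_restore_settings', 'example_guard_restore_settings', 1 );
```

The guard only helps if it is bound to the plugin's real AJAX action name, which has to be read from the plugin's source; the nonce check addresses cross-site request forgery and is no substitute for the capability check, which is the control the advisory reports as missing.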

Exploit

Weakness Enumeration

Missing Authorization

Improper Authorization

Incorrect Authorization

Related Identifiers

BDU:2023-06416
CVE-2023-3244

Affected Products

Comments Like Dislike