PT-2026-5769 · WordPress · Wp Ulike
Pouria Shahba
·
Published
2026-02-03
·
Updated
2026-02-03
·
CVE-2026-0909
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP ULike versions prior to 4.8.3.1
Description
The WP ULike plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. The
wp ulike delete history api AJAX action does not confirm ownership of the log entry before allowing deletion. This allows authenticated attackers with Subscriber-level access or higher, possessing the 'stats' capability, to delete arbitrary log entries belonging to other users by manipulating the id parameter.Recommendations
Update WP ULike to version 4.8.3.1 or later.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Ulike