Arbitrary Email Sending Vulnerability in Like Button Rating WordPress Plugin

Arbitrary Email Sending Vulnerability in Like Button Rating WordPress Plugin

CVE-2022-0745 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body

Learn more about our Wordpress Pen Testing.