Description
WordPress Plugin Like Button Rating-LikeBtn is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Like Button Rating-LikeBtn version 2.6.31 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.6.32 or latest
References
https://wpscan.com/vulnerability/6bc6023f-a5e7-4665-896c-95afa5b638fb
https://plugins.svn.wordpress.org/likebtn-like-button/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Parsian Bank Woocommerce Cross-Site Scripting (1.0)
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7)
WordPress Plugin MP3-jPlayer Cross-Site Scripting (1.8.3)
WordPress Plugin Advanced Custom Fields Cross-Site Scripting (5.8.11)
WordPress Plugin Photo Gallery-Image Gallery by Ape Cross-Site Scripting (1.6.14)