Description
WordPress Plugin WP Like Button is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin's settings. WordPress Plugin WP Like Button version 1.6.0 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
https://limbenjamin.com/articles/wp-like-button-auth-bypass.html
https://www.exploit-db.com/exploits/47078
https://packetstormsecurity.com/files/153541/WordPress-Like-Button-1.6.0-Authentication-Bypass.html
Related Vulnerabilities
WordPress Plugin Import CSV Directory Traversal (1.0)
WordPress Plugin Advanced Page Manager Cross-Site Scripting (1.4.1)
WordPress Plugin LB Tube Video for WordPress Cross-Site Scripting (1.0)
WordPress Plugin Broken Link Manager Multiple Vulnerabilities (0.4.5)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1643)