cleantalk
Vulnerabilities and Security Researches

Like-it, CVE-2025-12404

CVE, Research URL

CVE-2025-12404

Home page URL

Security reports for Like-it

Application

Like-it

Published on
Nov 18, 2025
Research Description
The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeit_conf() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.2.
Status
vulnerable
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
New vulnerability
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-63044) , Dec 11, 2025
CSS3 Buttons (CVE-2025-13907) , Dec 11, 2025
Booster for WooCommerce (CVE-2025-64380) , Dec 11, 2025
Booster for WooCommerce (CVE-2025-64379) , Dec 11, 2025
Custom Sidebars by ProteusThemes (CVE-2025-62733) , Dec 11, 2025