cleantalk
Vulnerabilities and Security Researches

WP ULike – Most Advanced WordPress Marketing Toolkit, CVE-2018-1000508

CVE, Research URL

CVE-2018-1000508

Home page URL

Security reports for WP ULike – Most Advanced WordPress Marketing Toolkit

Application

WP ULike – Most Advanced WordPress Marketing Toolkit

Published on
Jun 26, 2018
Research Description
WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2.
Affected versions
Min -, max 3.2.
Status
vulnerable
Previous vulnerability researches
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2023-45640) , Jun 07, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2024-9649) , Oct 17, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2018-1000508) , Jun 07, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2018-1000511) , Jun 07, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2022-45842) , Jun 07, 2024
New vulnerability
Activity Reactions For Buddypress (CVE-2025-31006) , Apr 14, 2025
Terminal Africa (CVE-2025-32515) , Apr 14, 2025
iONE360 configurator (CVE-2025-32529) , Apr 14, 2025
Related Videos for JW Player (CVE-2025-32516) , Apr 14, 2025
Cool Flipbox – Shortcode & Gutenberg Block (CVE-2025-32521) , Apr 14, 2025