CVE-2021-24945

8.0 HIGH

📋 TL;DR

The LikeBtn WordPress plugin before version 2.6.38 lacks authorization and CSRF protection in its export function, allowing any authenticated user (even subscribers) to export lists of email addresses and IPs of users who liked content. This affects WordPress sites using the vulnerable plugin version.

💻 Affected Systems

Products:
  • Like Button Rating ♥ LikeBtn WordPress Plugin
Versions: Versions before 2.6.38
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the plugin enabled and at least one authenticated user.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could harvest email addresses and IPs for phishing campaigns, targeted attacks, or privacy violations, potentially leading to data breaches or regulatory penalties.

🟠

Likely Case

Low-privilege users or compromised accounts export voter data, exposing personal information and violating user privacy.

🟢

If Mitigated

With proper access controls, only authorized administrators can export data, limiting exposure to trusted personnel.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward via AJAX requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.38

Vendor Advisory: https://wpscan.com/vulnerability/d7618061-a7fa-4da4-9384-be19bc5e8548

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Like Button Rating ♥ LikeBtn' and update to version 2.6.38 or later.
4. Verify that the update completes successfully.

🔧 Temporary Workarounds

Disable Plugin

Platform: linux

Temporarily deactivate the plugin to prevent exploitation until patching.

wp plugin deactivate likebtn-like-button

Restrict AJAX Access

Platform: all

Use a web application firewall or .htaccess to block access to the vulnerable AJAX action. Note that an .htaccess rewrite rule only sees the query string; admin-ajax actions sent in a POST body are not matched, so a WAF rule inspecting the request body is needed to cover that case.

# Add to .htaccess (RewriteRule does not match the query string, so test it with RewriteCond):
RewriteCond %{QUERY_STRING} (^|&)action=likebtn_export_votes(&|$) [NC]
RewriteRule ^wp-admin/admin-ajax\.php$ - [F]

🧯 If You Can't Patch

  • Restrict user registration and monitor for suspicious subscriber activity.
  • Implement network segmentation to limit internal access to the WordPress admin interface.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is below 2.6.38, it is vulnerable.

Check Version:

wp plugin get likebtn-like-button --field=version

Verify Fix Applied:

Confirm plugin version is 2.6.38 or higher after update. Test export function with subscriber account; it should fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual AJAX requests to 'admin-ajax.php' with action=likebtn_export_votes from non-admin users
  • Multiple failed authentication attempts followed by successful subscriber login

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php containing 'action=likebtn_export_votes' from unexpected IPs

SIEM Query:

source="wordpress.log" AND "admin-ajax.php" AND "likebtn_export_votes" AND user_role="subscriber"
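The log indicators above, turned into a small offline check. This is an added example and not part of the advisory: it reads a constructed key=value activity-log format (a hypothetical export from a WordPress activity-log plugin that records the user's role), pulls the admin-ajax `action` from either the query string or the logged POST body, and flags every likebtn_export_votes call made by an account that is not an administrator.

```python
from urllib.parse import parse_qs, urlsplit

# Roles permitted to export voter data (the advisory's "authorized administrators").
PRIVILEGED_ROLES = {"administrator"}
EXPORT_ACTION = "likebtn_export_votes"

# Constructed sample lines in a hypothetical key=value activity-log format;
# 'body' carries the URL-encoded POST form, since admin-ajax actions are
# usually sent there rather than in the query string.
SAMPLE_LOG = """\
ts=2021-08-10T09:12:01Z ip=203.0.113.5 user=alice role=administrator method=POST uri=/wp-admin/admin-ajax.php?action=likebtn_export_votes
ts=2021-08-10T09:13:44Z ip=198.51.100.7 user=bob role=subscriber method=POST uri=/wp-admin/admin-ajax.php body=action=likebtn_export_votes&limit=500
ts=2021-08-10T09:14:02Z ip=198.51.100.7 user=bob role=subscriber method=POST uri=/wp-admin/admin-ajax.php body=action=heartbeat
ts=2021-08-10T09:15:30Z ip=192.0.2.9 user=carol role=editor method=GET uri=/wp-admin/admin-ajax.php?action=likebtn_export_votes&_wpnonce=1a2b3c
ts=2021-08-10T09:16:00Z ip=192.0.2.9 user=carol role=editor method=POST uri=/wp-login.php body=action=likebtn_export_votes
"""

def parse_line(line):
    """Split one 'key=value key=value ...' line into a dict (first '=' is the separator)."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields

def ajax_action(fields):
    """Return the admin-ajax 'action' parameter, or None if the request is not admin-ajax.php."""
    parts = urlsplit(fields.get("uri", ""))
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query)
    params.update(parse_qs(fields.get("body", "")))  # a POSTed action overrides the query string
    return params.get("action", [None])[0]

def find_unauthorized_exports(log_text):
    """Return (ts, ip, user, role) for every export call made by a role outside PRIVILEGED_ROLES."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        if ajax_action(fields) != EXPORT_ACTION:
            continue
        if fields.get("role") in PRIVILEGED_ROLES:
            continue
        hits.append((fields.get("ts"), fields.get("ip"), fields.get("user"), fields.get("role")))
    return hits

if __name__ == "__main__":
    for hit in find_unauthorized_exports(SAMPLE_LOG):
        print("ALERT likebtn export by non-admin: ts=%s ip=%s user=%s role=%s" % hit)
```

On a patched site these calls should fail for non-administrators, so a hit after the update is worth a second look at that account.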

🔗 References
