Thread Starter
msstm
(@msstm)
I guess that the plugin developer doesn’t care?
Plugin Author
Alimir
(@alimir)
Hi,
Thanks for reaching out. We’ve recently reviewed this report and want to clarify that it’s related to a known behavior where users can generate spam likes if voting is not restricted to logged-in users. This is not a security vulnerability but rather an abuse of open access settings.
We’ve seen this issue before and are actively working on a more robust solution. However, it’s a bit complex due to the ability of users to change their IP addresses, which makes standard rate-limiting less effective. That said, I can assure you there is no security risk to your website or its data integrity.
In the meantime, we strongly recommend enabling the “Logged-in users only” option in the plugin settings to prevent such behavior.
We’re also in contact with the source of the report and will request a title change or removal once our solution is finalized.
Thanks for your patience and understanding!
Thanks for the response Alimir.
Note: PatchStack has the following comment under Solutions…
‘This security issue has a low severity impact and is unlikely to be exploited’
https://patchstack.com/database/wordpress/plugin/wp-ulike/vulnerability/wordpress-wp-ulike-plugin-4-7-9-1-content-spoofing-vulnerability