Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-32259. PoCs published by HossamEAhmed.
AI-analyzed exploit summary This PoC demonstrates an unauthenticated content spoofing vulnerability in WP ULike ≤ 4.7.9.1, allowing unauthenticated users to spoof 'like' actions via AJAX requests by exploiting missing authorization checks.
Description
Missing Authorization vulnerability in Alimir WP ULike wp-ulike.This issue affects WP ULike: from n/a through <= 4.7.9.1.
Exploits (1)
nomisec
WORKING POC
by HossamEAhmed · poc
https://github.com/HossamEAhmed/wp-ulike-cve-2025-32259-poc
This PoC demonstrates an unauthenticated content spoofing vulnerability in WP ULike ≤ 4.7.9.1, allowing unauthenticated users to spoof 'like' actions via AJAX requests by exploiting missing authorization checks.
Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
WP ULike WordPress plugin ≤ 4.7.9.1
No auth needed
Prerequisites:
Target site running vulnerable WP ULike plugin · Valid post ID
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Scores
CVSS v3
5.3
EPSS
0.0027
EPSS Percentile
18.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (1)
Alimir/WP ULike
< 4.7.9.1
Published
Apr 10, 2025
Tracked Since
Feb 18, 2026