WP-Safety

Like Button Rating ♥ LikeBtn Security & Risk Analysis

wordpress.org/plugins/likebtn-like-button

Add Like button to posts, pages, comments, WooCommerce, BuddyPress, bbPress, UM, custom posts! Sort content by likes! Get instant stats and insights!

4K active installs v2.6.59 PHP + WP 2.8+ Updated Mar 12, 2026
likelike-buttonratingvotevoting
96
A · Safe
CVEs total5
Unpatched0
Last CVEAug 29, 2024
Plugin page Download
Safety Verdict

Is Like Button Rating ♥ LikeBtn Safe to Use in 2026?

Generally Safe

Score 96/100

Like Button Rating ♥ LikeBtn has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEsLast CVE: Aug 29, 2024Updated 2mo ago
Risk Assessment

The 'likebtn-like-button' v2.6.59 plugin exhibits a mixed security posture. While it shows strengths in using prepared statements for SQL queries (86%) and proper output escaping (85%), these are overshadowed by significant concerns in its attack surface and historical vulnerability trends. The presence of 4 AJAX handlers without authentication checks is a notable weakness, potentially allowing unauthorized actions. Furthermore, the taint analysis reveals 4 high-severity flows with unsanitized paths, indicating a risk of malicious input being processed without adequate validation, which could lead to various exploits. The plugin's vulnerability history is also a red flag, with 5 known CVEs, including one high-severity and four medium-severity vulnerabilities. The common types of past vulnerabilities such as Cross-site Scripting, Missing Authorization, and SSRF, coupled with the recent discovery of a high-severity issue, suggest recurring security oversights. Although there are no currently unpatched CVEs, the pattern of past vulnerabilities and the identified code weaknesses point to a need for more robust security practices in development and a cautious approach to its deployment. The outdated bundled library (Select2 v3.5.1) adds another layer of potential risk.

Key Concerns

  • AJAX handlers without authorization checks
  • High severity taint flows with unsanitized paths
  • Bundled outdated library (Select2 v3.5.1)
  • High severity vulnerability in history
  • Medium severity vulnerabilities in history
Vulnerabilities
5 published

Like Button Rating ♥ LikeBtn Security Vulnerabilities

CVEs by Year

1 CVE in 2017
2017
2 CVEs in 2021
2021
1 CVE in 2022
2022
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1
Medium
4

5 total CVEs

CVE-2024-44064medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Like Button Rating <= 2.6.53 - Cross-Site Request Forgery

Aug 29, 2024 Patched in 2.6.54 (48d)
CVE-2022-0745medium · 5Missing Authorization

Like Button Rating ♥ LikeBtn <= 2.6.44 - Arbitrary e-mail Sending

May 23, 2022 Patched in 2.6.45 (610d)
CVE-2021-24945medium · 6.5Exposure of Sensitive Information to an Unauthorized Actor

Like Button Rating <= 2.6.37 - Unauthorised Vote Export to Email & IP Addresses Disclosure

Nov 11, 2021 Patched in 2.6.38 (803d)
CVE-2021-24150high · 7.5Server-Side Request Forgery (SSRF)

Like Button Rating ♥ LikeBtn < 2.6.32 - Server-Side Request Forgery

Feb 6, 2021 Patched in 2.6.32 (1081d)
WF-227886e8-99d9-49b3-a1a8-b06b02d331bc-likebtn-like-buttonmedium · 6.5Improper Authentication

Like Button Rating <= 2.5.3 - Arbitrary Settings Change

Nov 2, 2017 Patched in 2.5.4 (2273d)
Version History

Like Button Rating ♥ LikeBtn Release Timeline

v2.6.59Current
v2.6.58
v2.6.57
v2.6.56
v2.6.55
v2.6.54
v2.6.531 CVE
CVE-2024-44064
v2.6.521 CVE
CVE-2024-44064
v2.6.511 CVE
CVE-2024-44064
v2.6.501 CVE
CVE-2024-44064
v2.6.491 CVE
CVE-2024-44064
v2.6.481 CVE
CVE-2024-44064
v2.6.471 CVE
CVE-2024-44064
v2.6.461 CVE
CVE-2024-44064
v2.6.451 CVE
CVE-2024-44064
v2.6.442 CVEs
CVE-2024-44064 CVE-2022-0745
v2.6.432 CVEs
CVE-2024-44064 CVE-2022-0745
v2.6.422 CVEs
CVE-2024-44064 CVE-2022-0745
v2.6.412 CVEs
CVE-2024-44064 CVE-2022-0745
v2.6.402 CVEs
CVE-2024-44064 CVE-2022-0745
Code Analysis
Analyzed Mar 16, 2026

Like Button Rating ♥ LikeBtn Code Analysis

Dangerous Functions
0
Raw SQL Queries
13
83 prepared
Unescaped Output
188
1031 escaped
Nonce Checks
15
Capability Checks
14
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select23.5.1

SQL Query Safety

86% prepared96 total queries

Output Escaping

85% escaped1219 total outputs
Data Flows · Security
10 unsanitized

Data Flow Analysis

13 flows10 with unsanitized paths
_likebtn_bulk_actions (likebtn_like_button.php:3546)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Like Button Rating ♥ LikeBtn Attack Surface

Entry Points23
Unprotected4

AJAX Handlers 18

authwp_ajax_likebtn_system_checklikebtn_like_button.php:5128
authwp_ajax_likebtn_test_vote_notificationlikebtn_like_button.php:5200
authwp_ajax_likebtn_test_synclikebtn_like_button.php:5258
authwp_ajax_likebtn_check_accountlikebtn_like_button.php:5310
noprivwp_ajax_likebtn_force_plan_synclikebtn_like_button.php:5332
authwp_ajax_likebtn_edit_itemlikebtn_like_button.php:5410
authwp_ajax_likebtn_refresh_planlikebtn_like_button.php:5453
authwp_ajax_likebtn_go_freelikebtn_like_button.php:5495
authwp_ajax_likebtn_ipvi_getlikebtn_like_button.php:5551
authwp_ajax_likebtn_plugin_feedbacklikebtn_like_button.php:5591
authwp_ajax_likebtn_exportlikebtn_like_button.php:5666
authwp_ajax_likebtn_export_voteslikebtn_like_button.php:5799
authwp_ajax_likebtn_vgaphlikebtn_like_button.php:5917
authwp_ajax_likebtn_event_handlerlikebtn_like_button.php:6852
noprivwp_ajax_likebtn_event_handlerlikebtn_like_button.php:6853
authwp_ajax_likebtn_prxlikebtn_like_button.php:7276
noprivwp_ajax_likebtn_prxlikebtn_like_button.php:7277
authwp_ajax_likebtn_dismiss_reviewlikebtn_like_button.php:7559

Shortcodes 5

[likebtn] likebtn_like_button.php:3731
[likebtn_most_liked] likebtn_like_button.php:3760
[likebtn_liked_by_user] likebtn_like_button.php:3786
[likebtn_category_likes] likebtn_like_button.php:3824
[likebtn_user_votes] likebtn_like_button.php:3869
WordPress Hooks 64
filterbbp_has_replies_queryincludes\bbpress.php:72
filterbp_notifications_get_registered_componentsincludes\buddypress.php:21
filterbp_notifications_get_notifications_for_userincludes\buddypress.php:108
actiontemplate_redirectincludes\buddypress.php:212
actionbp_activity_filter_optionsincludes\buddypress.php:350
actionbp_member_activity_filter_optionsincludes\buddypress.php:352
actionbp_group_activity_filter_optionsincludes\buddypress.php:354
filterbp_activity_allowed_tagsincludes\buddypress.php:370
filterbp_activity_paged_activities_sqlincludes\buddypress.php:422
filterbp_activity_get_user_join_filterincludes\buddypress.php:426
filterbp_activity_total_activities_sqlincludes\buddypress.php:427
filtergamipress_activity_triggersincludes\gamipress.php:163
filterlikebtn_voteincludes\gamipress.php:164
filtergamipress_log_event_trigger_meta_dataincludes\gamipress.php:166
filtergamipress_log_extra_data_fieldsincludes\gamipress.php:167
actionwidgets_initincludes\likebtn_like_button_most_liked_widget.class.php:378
actionlikebtn_mycred_likeincludes\likebtn_mycred.class.php:86
actionlikebtn_mycred_dislikeincludes\likebtn_mycred.class.php:87
filterrequestincludes\meta_columns.php:17
actionadmin_initincludes\meta_columns.php:20
filterlanguage_attributesincludes\open_graph.php:9
actionwp_headincludes\open_graph.php:10
filterum_pre_header_editprofileincludes\um.php:13
filterum_members_just_after_nameincludes\um.php:19
filterum_profile_tabsincludes\um.php:31
actionum_profile_content_likebtn-liked-content_defaultincludes\um.php:47
actioninitlikebtn_like_button.php:1720
filterplugin_action_linkslikebtn_like_button.php:1732
actionadmin_menulikebtn_like_button.php:1763
actionadmin_footerlikebtn_like_button.php:1807
actionadmin_headlikebtn_like_button.php:1848
actionadmin_noticeslikebtn_like_button.php:2191
actionadmin_noticeslikebtn_like_button.php:2213
actionadmin_noticeslikebtn_like_button.php:2246
actionadmin_initlikebtn_like_button.php:2565
filtermycred_all_referenceslikebtn_like_button.php:4069
filtermycred_setup_hookslikebtn_like_button.php:4072
actionafter_setup_themelikebtn_like_button.php:4074
filterthe_contentlikebtn_like_button.php:4777
filterthe_excerptlikebtn_like_button.php:4778
actionwoocommerce_after_shop_loop_item_titlelikebtn_like_button.php:4828
actionwoocommerce_after_shop_loop_item_titlelikebtn_like_button.php:4829
actionwoocommerce_single_product_summarylikebtn_like_button.php:4833
actionwoocommerce_after_main_contentlikebtn_like_button.php:4834
actionloop_startlikebtn_like_button.php:4836
filtercomment_textlikebtn_like_button.php:4955
actionbp_before_member_header_metalikebtn_like_button.php:6281
filterbp_get_activity_actionlikebtn_like_button.php:6390
filterbp_activity_entry_contentlikebtn_like_button.php:6393
actionbp_activity_entry_metalikebtn_like_button.php:6396
filterbp_get_activity_contentlikebtn_like_button.php:6399
filterbp_activity_comment_optionslikebtn_like_button.php:6400
filterbp_get_activity_content_bodylikebtn_like_button.php:6401
filterbp_has_topic_postslikebtn_like_button.php:6409
filterbbp_theme_before_reply_admin_linkslikebtn_like_button.php:6518
filterbbp_theme_after_reply_admin_linkslikebtn_like_button.php:6519
filterbbp_get_reply_author_linklikebtn_like_button.php:6521
filterbbp_has_replieslikebtn_like_button.php:6567
actionbbp_theme_after_reply_contentlikebtn_like_button.php:6568
actionbbp_template_after_user_profilelikebtn_like_button.php:6569
actionwp_enqueue_scriptslikebtn_like_button.php:6579
actionwp_enqueue_scriptslikebtn_like_button.php:6597
actionwp_footerlikebtn_like_button.php:7400
actionadmin_noticeslikebtn_like_button.php:7547
Maintenance & Trust

Like Button Rating ♥ LikeBtn Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version
Downloads489K

Community Trust

Rating88/100
Number of ratings272
Active installs4K
Alternatives

Like Button Rating ♥ LikeBtn Alternatives

Pro Like Button

Pro Like Button

prolike-button

A
85

Adds buttons to posts with the ability to sort them.

10 No CVEs
Managed posts rating ★ Like button

Managed posts rating ★ Like button

managed-posts-rating-like-button

A
100

Rating system for your WordPress site with a simple "like" button and advanced admin panel.

10 No CVEs
GD Rating System

GD Rating System

gd-rating-system

B
80

Powerful, highly customizable and versatile ratings plugin to allow your users to vote for anything you want.

1K 13 CVEs
bbPress Voting

bbPress Voting

bbp-voting

A
100

Let visitors vote up and down on bbPress topics and replies just like Reddit or Stack Overflow!

500 1 CVE
Simple Vote – Share your Thought, By A Like/Dislike Vote!

Simple Vote – Share your Thought, By A Like/Dislike Vote!

simple-vote

A
85

ALLOW YOUR VISITORS TO SHARE THEIR THOUGHTS ON YOUR CONTENT, BY VOTE!

80 No CVEs
Developer Profile

Like Button Rating ♥ LikeBtn Developer Profile

LikeBtn

1 plugin · 4K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
963 days
View full developer profile
Detection Fingerprints

How We Detect Like Button Rating ♥ LikeBtn

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/likebtn-like-button/css/styles.css/wp-content/plugins/likebtn-like-button/css/new-styles.css/wp-content/plugins/likebtn-like-button/js/likebtn.js/wp-content/plugins/likebtn-like-button/js/likebtn.min.js
Script Paths
w.likebtn.com/js/w/widget.js
Version Parameters
likebtn-like-button/css/styles.css?ver=likebtn-like-button/css/new-styles.css?ver=likebtn-like-button/js/likebtn.js?ver=likebtn-like-button/js/likebtn.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
likebtn-buttonlikebtn-render-container
Data Attributes
data-likebtn-iddata-likebtn-custom-styledata-likebtn-show-dislikedata-likebtn-selectordata-likebtn-counter
JS Globals
LikeBtn
Shortcode Output
[likebtn_off][likebtn_likes][likebtn_dislikes]
FAQ

Frequently Asked Questions about Like Button Rating ♥ LikeBtn