CVE-2022-1653

Published: Jun 27, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.

Affected (1)

Products: Supsystic: Social Share Buttons

1 product

Social Share Buttons

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Supsystic Social Share Buttons	Before 2.2.4

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.