CVE-2014-4717

Published: 03/07/2014 Updated: 15/11/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin prior to 4.5 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.

Vulnerable Product

sharethis simple share buttons adder 2.2

sharethis simple share buttons adder 2.0

sharethis simple share buttons adder 1.0

sharethis simple share buttons adder 3.2

sharethis simple share buttons adder 3.9

sharethis simple share buttons adder 3.8

sharethis simple share buttons adder 1.5

sharethis simple share buttons adder 2.3

sharethis simple share buttons adder 1.1

sharethis simple share buttons adder 3.1

sharethis simple share buttons adder 3.0

sharethis simple share buttons adder 2.9

sharethis simple share buttons adder 1.3

sharethis simple share buttons adder 4.1

sharethis simple share buttons adder 4.0

sharethis simple share buttons adder 2.4

sharethis simple share buttons adder

sharethis simple share buttons adder 4.2

sharethis simple share buttons adder 3.5

sharethis simple share buttons adder 2.8

sharethis simple share buttons adder 2.6

sharethis simple share buttons adder 1.9

sharethis simple share buttons adder 1.7

sharethis simple share buttons adder 4.3

sharethis simple share buttons adder 3.4

sharethis simple share buttons adder 2.7

sharethis simple share buttons adder 1.6

sharethis simple share buttons adder 1.4

sharethis simple share buttons adder 1.2

sharethis simple share buttons adder 3.7

sharethis simple share buttons adder 2.1

sharethis simple share buttons adder 3.3

sharethis simple share buttons adder 3.6

sharethis simple share buttons adder 2.5

sharethis simple share buttons adder 1.8

Exploits

Details
================
Software: Simple Share Buttons Adder
Version: 4.4
Homepage: wordpress.org/plugins/simple-share-buttons-adder/
Advisory report: security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:P)

Description
================
C ...