4 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Múltiples vulnerabilidades de inyección SQL (SQLi) Autenticado (rol de suscriptor o usuario superior) en el plugin Social Share Buttons by Supsystic versiones anteriores a 2.2.3 incluyéndola, en WordPress The Social Share Buttons by Supsystic plugin for WordPress is vulnerable to SQL Injection via several unknown parameters in versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Múltiples vulnerabilidades de Control de Acceso Roto en el plugin Social Share Buttons by Supsystic versiones anteriores a 2.2.3 en WordPress The Social Share Buttons by Supsystic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various functions in versions up to, and including, 2.2.3. This makes it possible for authenticated attackers with subscriber level permissions and above to perform a wide variety of actions such as modifying the plugin's settings. • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. El plugin Social Share Buttons by Supsystic de WordPress versiones anteriores a 2.2.4, no lleva a cabo comprobaciones de tipo CSRF en sus endpoints ajax y páginas de administración, lo que permite a un atacante engañar a cualquier usuario con sesión iniciada para manipular o cambiar la configuración del plugin, así como crear, eliminar y renombrar proyectos y redes • https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin Social Share Buttons by Supsystic &lt;= 2.2.2 en WordPress Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/social-share-buttons-by-supsystic • CWE-352: Cross-Site Request Forgery (CSRF) •