CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1626 – Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2022-1626
The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them El plugin Sharebar de WordPress a través de la versión 1.4.1 no tiene una comprobación de CSRF cuando se actualiza su configuración, lo que podría permitir a los atacantes hacer que un administrador conectado los cambie a través de un ataque CSRF y también conducir a un problema de Cross-Site Scripting almacenado debido a la falta de sanitización y escape en algunos de ellos • https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6718 – Sharebar <= 1.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6718
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. El plugin sharebar antes de 1.2.2 para WordPress tiene XSS, un problema diferente que CVE-2013-3491. The Sharebar plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/sharebar/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6719 – Sharebar <= 1.2.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2012-6719
The sharebar plugin before 1.2.2 for WordPress has SQL injection. El plugin sharebar antes de 1.2.2 para WordPress tiene inyección SQL. The sharebar plugin before 1.2.2 for WordPress has SQL injection via id parameter. • https://wordpress.org/plugins/sharebar/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •