CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Jun 2022 — Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. The Social Share Buttons by Supsystic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various functions in versions up to, and including, 2.2.3. This makes it possible for authenticated attackers with subscrib... • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Jun 2022 — Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. The Social Share Buttons by Supsystic plugin for WordPress is vulnerable to SQL Injection via several unknown parameters in versions up to, and inc... • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

01 Jun 2022 — The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its ajax endpoints and admin pages, allowing an attacker to trick any logged-in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. • https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 May 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF)