5.3
CVE-2022-0594
- EPSS 43.98%
- Veröffentlicht 25.07.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:38:59
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginProfessional Social Sharing Buttons, Icons & Related Posts – Shareaholic <= 9.7.5 - Information Disclosure
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
Mögliche Gegenmaßnahme
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic: Update to version 9.7.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
Version
*-9.7.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Shareaholic ≫ Shareaholic SwPlatformwordpress Version < 9.7.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 43.98% | 0.975 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.