5.3
CVE-2022-0594
- EPSS 1.54%
- Veröffentlicht 25.07.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:38:59
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginShareaholic < 9.7.6 - Information Disclosure
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic <= 9.7.5 - Information Disclosure
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
Mögliche Gegenmaßnahme
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic: Update to version 9.7.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Shareaholic ≫ Shareaholic SwPlatformwordpress Version < 9.7.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
Version
*-9.7.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.54% | 0.717 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
https://www.wordfence.com/threat-intel/vulnerabilities/id/d05f7b77-382b-422a-8096-f47291f4dc45