4.3
CVE-2022-1653
- EPSS 0.1%
- Veröffentlicht 27.06.2022 09:15:09
- Zuletzt bearbeitet 21.11.2024 06:41:11
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSocial Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update
The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.
Mögliche Gegenmaßnahme
Social Share Buttons by Supsystic: Update to version 2.2.4, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Social Share Buttons by Supsystic
Version
*-2.2.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Supsystic ≫ Social Share Buttons SwPlatformwordpress Version < 2.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.29 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.