WordPress Add Social Share Messenger Buttons Whatsapp and Viber plugin <= 1.0.8 - Cross-site Request Forgery (CSRF) vulnerability

Back

Product: Add Social Share Messenger Buttons Whatsapp and Viber
Description: Cross-site Request Forgery (CSRF) vulnerability found by ThreatPress Research Team in WordPress Add Social Share Messenger Buttons Whatsapp and Viber plugin (versions <= 1.0.8).
Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available.
Classification: Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References: Plugin changelog
Vulnerability description
CVE: Name CVE-2018-11632
Versions: Affected In <= 1.0.8
Fixed In 1.0.9
Disclosure date: 2018-06-03
Credits: ThreatPress
Submitter: ThreatPress