ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Simple Social Media Share Buttons plugin 2.0.4-2.0.21 - Authenticated Option Injection vulnerability

Product
Simple Social Media Share Buttons
Description
Authenticated Option Injection vulnerability found by Luka Šikić in WordPress Simple Social Media Share Buttons plugin (versions 2.0.4-2.0.21).
Solution
Update the WordPress Simple Social Media Share Buttons plugin to the latest available version (at least 2.0.22).
Classification
Type BYPASS
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In 2.0.4-2.0.21
Fixed In 2.0.22
Disclosure date
2019-02-12
Credits
Luka Šikić (WebARX)
Submitter
ThreatPress