Lucene search
China National Vulnerability DatabaseCNVD-2022-57623HistoryJun 30, 2022 - 12:00 a.m.
WordPress Social Share Buttons by Supsystic plugin跨站请求伪造漏洞
2022-06-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
wordpress
supsystic
social share buttons
csrf
vulnerability
cross-site request forgery
ajax
administration pages
logged-in user
manipulating settings
changing settings
creating items
deleting items
renaming items
networks
EPSS
0.001
Percentile
25.9%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons by Supsystic plugin versions prior to 2.2.4 are vulnerable to cross-site request forgery, which stems from a failure to perform CSRF checks on its ajax endpoint and administration pages. An attacker could use this vulnerability to trick any logged-in user into manipulating or changing plugin settings, as well as creating, deleting, and renaming items and networks.
Related
cve
cve
CVE-2022-1653
2022-06-27 09:15:09
wpvulndb
wpvulndb
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
2022-06-01 00:00:00
cvelist
cvelist
CVE-2022-1653 Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
2022-06-27 08:57:22
nvd
nvd
CVE-2022-1653
2022-06-27 09:15:09
prion
prion
Cross site request forgery (csrf)
2022-06-27 09:15:00
patchstack
patchstack
wpexploit
wpexploit
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
2022-06-01 00:00:00