CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
71.9%
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Vendor | Product | Version | CPE |
---|---|---|---|
sharethis | simple_share_buttons_adder | * | cpe:2.3:a:sharethis:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.0 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.0:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.1 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.1:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.2 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.2:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.3 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.3:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.4 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.4:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.5 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.5:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.6 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.6:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.7 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.7:*:*:*:*:wordpress:*:* |
sharethis | simple_share_buttons_adder | 1.8 | cpe:2.3:a:sharethis:simple_share_buttons_adder:1.8:*:*:*:*:wordpress:*:* |
More