Lucene search

[email protected]NVD:CVE-2022-1653

HistoryJun 27, 2022 - 9:15 a.m.

CVE-2022-1653

2022-06-2709:15:09

CWE-352

[email protected]

web.nvd.nist.gov

wordpress plugin

csrf vulnerability

supsystic

ajax endpoints

admin pages

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

25.9%

JSON

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it’s ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.

Affected configurations

Nvd

Node

supsysticsocial_share_buttonsRange<2.2.4wordpress

VendorProductVersionCPE
supsysticsocial_share_buttons*cpe:2.3:a:supsystic:social_share_buttons:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
supsystic	social_share_buttons	*	cpe:2.3:a:supsystic:social_share_buttons::::::wordpress::*

References

wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

25.9%

JSON

Related for NVD:CVE-2022-1653

cnvd1 cve1 wpvulndb1 cvelist1 prion1 patchstack1 wpexploit1