WordPress Plugin Vulnerabilities

Social Sharing Plugin – Kiwi < 2.1.8 - Information Disclosure

Description

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.

Affects Plugins

Plugin icon
kiwi-social-share
Fixed in 2.1.8

References

CVE
CVE-2024-3228
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/896a038f-fe54-4120-842e-093ef236a898

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
2acc6660-f0aa-45ba-bc49-03d327fddfe2

Timeline

Publicly Published
2024-07-08 (about 1 year ago)
Added
2024-07-08 (about 1 year ago)
Last Updated
2024-07-09 (about 1 year ago)

Other

Published
Title
Published
2025-08-15
Title
Poll Maker – Versus Polls, Anonymous Polls, Image Polls < 5.9.0 - Unauthenticated Basic Information Exposure
Published
2024-07-10
Title
Branda – White Label WordPress, Custom Login Page Customizer < 3.4.19 - Unauthenticated Full Path Disclosure
Published
2024-08-14
Title
ElementsKit Pro < 3.6.7 - Authenticated (Contributor+) Sensitive Information Exposure
Published
2026-05-01
Title
Widgets for Social Photo Feed < 1.8.1 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints
Published
2023-09-25
Title
Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure