Woocommerce Social Media Share Buttons <= 1.3.0 – Cross-Site Request Forgery to Cross-Site Scripting | CVE 2024-31109 | Plugin Vulnerabilities

Description

The Woocommerce Social Media Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to inject malicious web scripts granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.

Affects Plugins

woocommerce-social-media-share-buttons

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c5c96063-a6ac-4325-9f44-a6f8344e00ef

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Dimas Maulana

Verified

No

WPVDB ID

2f891b2e-56ee-44e8-b175-d05e4c6acc8f

Timeline

Publicly Published

2024-03-29 (about 2 years ago)

Added

2024-04-04 (about 2 years ago)

Last Updated

2024-04-04 (about 2 years ago)

Other

Published

Title

Published

2025-04-01

Title

Cache control by Cacholong <= 5.4.1 - Cross-Site Request Forgery

Published

2023-07-10

Title

Social Media Icons Widget <= 1.6 - Cross-Site Request Forgery

Published

2023-11-07

Title

Auto Affiliate Links < 6.4.2.5 - Settings Update to Stored XSS via CSRF

Published

2023-09-01

Title

Responsive Gallery Grid < 2.3.14 - Settings Update via CSRF

Published

2025-09-22

Title

Travel Map < 1.0.4 - Cross-Site Request Forgery