WordPress Plugin Vulnerabilities

Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF

Description

The Simple Share Buttons Adder WordPress plugin was affected by an options-general.php Multiple Admin Actions CSRF security vulnerability.

Affects Plugins

Plugin icon
simple-share-buttons-adder
Fixed in 4.5

References

CVE
CVE-2014-4717
Exploitdb
33896
URL
https://packetstormsecurity.com/files/#127238/
URL
https://advisories.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified
No
WPVDB ID
47a06628-0aff-4eb6-a5e4-8ac27204f264

Timeline

Publicly Published
2014-06-26 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2024-03-25
Title
NPS computy < 2.7.6 - Results Deletion via CSRF
Published
2023-09-29
Title
Add Shortcodes Actions And Filters < 2.10 - Settings Update via CSRF
Published
2024-03-28
Title
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.2 - Cross-Site Request Forgery
Published
2024-04-11
Title
ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Cross-Site Request Forgery
Published
2023-02-24
Title
Feed Them Social < 4.0.0 - Settings Update via CSRF