Shareaholic < 9.7.6 – Information Disclosure | CVE 2022-0594 | Plugin Vulnerabilities

Description

The plugin does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=shareaholic_debug_info

In v < 9.7.5, unauthenticated users can access it, in 9.7.5 it's only available to author roles and above

Affects Plugins

Fixed in 9.7.6

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Brandon James Roldan

Submitter

Brandon James Roldan

Submitter twitter

Verified

Yes

WPVDB ID

4de9451e-2c8d-4d99-a255-b027466d29b1

Timeline

Publicly Published

2022-07-04 (about 1 years ago)

Added

2022-07-04 (about 1 years ago)

Last Updated

2023-04-08 (about 1 years ago)

Other

Published

Title

Published

2020-08-20

Title

Advanced Access Manager < 6.6.2 - Authenticated Information Disclosure

Published

2021-02-16

Title

Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

Published

2021-11-29

Title

CorreosExpress <= 2.6.0 - Sensitive Information Disclosure

Published

2024-05-03

Title

Robo Gallery < 3.2.19 - Unauthenticated Information Exposure

Published

2023-10-16

Title

simple-download-button-shortcode <= 1.1.1 - Sensitive Data Disclosure