WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Shareaholic < 9.7.6 - Information Disclosure

Description

The plugin does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=shareaholic_debug_info

In v < 9.7.5, unauthenticated users can access it, in 9.7.5 it's only available to author roles and above

Affects Plugins

shareaholic
Fixed in version 9.7.6

References

CVE
CVE-2022-0594

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher

Brandon James Roldan

Submitter

Brandon James Roldan

Submitter twitter
tomorrowisnew_
Verified

Yes

WPVDB ID
4de9451e-2c8d-4d99-a255-b027466d29b1

Timeline

Publicly Published

2022-07-04 (about 5 months ago)

Added

2022-07-04 (about 5 months ago)

Last Updated

2022-07-05 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin