WordPress Plugin Vulnerabilities
Shareaholic < 9.7.6 - Information Disclosure
Description
The plugin does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=shareaholic_debug_info In v < 9.7.5, unauthenticated users can access it, in 9.7.5 it's only available to author roles and above
Affects Plugins
References
CVE
Classification
Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Brandon James Roldan
Submitter
Brandon James Roldan
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-07-04 (about 1 years ago)
Added
2022-07-04 (about 1 years ago)
Last Updated
2023-04-08 (about 1 years ago)