Social Media Share Buttons | MashShare <= 4.0.47 – Missing Authorization | CVE 2025-22319 | Plugin Vulnerabilities

Description

The MashShare – Social Media Share Buttons, Social Share Icons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.47. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/47906d5e-b77f-4b40-b89e-0bd0ed82b2e5

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Trương Hữu Phúc (truonghuuphuc)

Verified

No

WPVDB ID

54ecb5b5-a48f-4159-b061-be576ac30941

Timeline

Publicly Published

2025-01-03 (about 1 year ago)

Added

2025-01-08 (about 1 year ago)

Last Updated

2025-01-08 (about 1 year ago)

Other

Published

Title

Published

2024-04-10

Title

Redirection < 1.2.0 - Subscriber+ Unauthorised Action Calls

Published

2025-12-03

Title

Custom Post Type UI < 1.18.1 - Unauthenticated Custom Post Type Modification

Published

2023-10-25

Title

WP EXtra < 6.3 - Missing Authorization to Arbitrary Email Sending

Published

2025-10-14

Title

Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure

Published

2025-08-14

Title

Thim Core <= 2.3.3 - Missing Authorization