WordPress Plugin Vulnerabilities

Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection

Description

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to a missing capability check in the import_config function found in the ~/admin/class-sassy-social-share-admin.php file along with the implementation of deserialization on user supplied inputs.

Proof of Concept

Affects Plugins

Plugin icon
sassy-social-share
Fixed in 3.3.24

References

CVE
CVE-2021-39321
URL
https://www.wordfence.com/blog/2021/10/vulnerability-patched-in-sassy-social-share-plugin/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
Wordfence
Verified
Yes
WPVDB ID
5cb2419e-44b6-4550-90d8-6ca1a81af633

Timeline

Publicly Published
2021-10-20 (about 4 years ago)
Added
2021-10-20 (about 4 years ago)
Last Updated
2022-04-11 (about 4 years ago)

Other

Published
Title
Published
2024-05-06
Title
ClickCease Click Fraud Protection < 3.2.5 - Improper Authorization to sensitive information exposure via get_settings
Published
2021-07-07
Title
WP Upload Restriction < 2.2.5 - Missing Access Control in getSelectedMimeTypesByRole
Published
2021-09-20
Title
Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change
Published
2021-04-20
Title
Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions
Published
2021-01-13
Title
Elementor Contact Form DB < 1.6 - Unauthenticated & Unauthorised Form Submissions Export