WordPress Plugin Vulnerabilities

Social Media Share Buttons & Social Sharing Icons < 2.8.6 - Subscriber+ Sensitive Information Exposure

Description

The plugin exposes sensitive information to unauthenticated users.

Affects Plugins

Plugin icon
ultimate-social-media-icons
Fixed in 2.8.6

References

CVE
CVE-2023-5070

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
641388b1-c268-468f-a75b-ec257e678ad0

Timeline

Publicly Published
2023-10-16 (about 2 years ago)
Added
2023-10-20 (about 2 years ago)
Last Updated
2023-10-20 (about 2 years ago)

Other

Published
Title
Published
2025-10-31
Title
WP Discourse < 2.6.0 - Authenticated (Author+) Information Exposure
Published
2024-08-08
Title
Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure
Published
2022-08-01
Title
Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
Published
2025-07-16
Title
JetPopup < 2.0.15.1 - Authenticated (Subscriber+) Information Disclosure
Published
2024-07-11
Title
WP Popups – WordPress Popup builder < 2.2.0.2 - Unauthenticated Full Path Disclosure