WordPress Plugin Vulnerabilities

Social Sharing Plugin < 1.2.10 - Cross-Site Request Forgery in Settings

Description

The plugin is lacking CSRF check on its Settings form, which could allow attackers to make a logged in administrator change them.

Affects Plugins

Plugin icon
social-rocket
Fixed in 1.2.10

References

URL
https://jvn.jp/en/jp/JVN05502028/
URL
https://plugins.trac.wordpress.org/changeset/2325451

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Akio Furui
Verified
No
WPVDB ID
87ceec3e-adfa-4529-9f66-eff23035a19f

Timeline

Publicly Published
2020-07-22 (about 5 years ago)
Added
2020-07-22 (about 5 years ago)
Last Updated
2020-07-25 (about 5 years ago)

Other

Published
Title
Published
2024-07-19
Title
WP Fast Total Search < 1.70.236 - Cross-Site Request Forgery
Published
2025-01-03
Title
Notify Odoo < 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-04-11
Title
Email Marketing for WooCommerce by Omnisend < 1.14.4 - Cross-Site Request Forgery
Published
2025-03-11
Title
FTP Sync <= 1.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-09-28
Title
Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting