WordPress Plugin Vulnerabilities

Shareaholic < 9.7.12 - Missing Authorization via accept_terms_of_service

Description

The Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'accept_terms_of_service' function in all versions up to, and including, 9.7.11. This makes it possible for authenticated attackers, with subscriber access and above, to accept the plugin's terms of service.

Affects Plugins

Plugin icon
shareaholic
Fixed in 9.7.12

References

CVE
CVE-2024-24709
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5cde239c-20bf-41fa-b7d6-e21b14dcbc22

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
a3227d8f-7e44-4c14-b04a-ee2671c02dc4

Timeline

Publicly Published
2024-01-31 (about 2 years ago)
Added
2024-02-05 (about 2 years ago)
Last Updated
2024-02-05 (about 2 years ago)

Other

Published
Title
Published
2025-12-11
Title
Masker for Elementor <= 1.1.4 - Missing Authorization
Published
2025-12-16
Title
WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) < 4.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification
Published
2025-01-31
Title
Custom Related Posts < 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates
Published
2025-07-21
Title
Post SMTP < 3.3.0 - Subscriber+ Account Takeover via Email Log Exposure
Published
2024-05-31
Title
wpDataTables - Tables & Table Charts (Premium) < 6.4 - Missing Authorization to DataTable Access & Modification