WordPress Plugin Vulnerabilities

Social Share Buttons by Supsystic < 2.2.4 - Subscriber+ Unauthorised Actions

Description

The plugin does not have proper access controls in some features, which could allow low privilege users to perform unauthorised actions

Affects Plugins

Plugin icon
social-share-buttons-by-supsystic
Fixed in 2.2.4

References

CVE
CVE-2022-27235

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
m0ze
Verified
No
WPVDB ID
a62bd9bf-3686-42d1-80b7-48eaed56c0f7

Timeline

Publicly Published
2022-06-09 (about 3 years ago)
Added
2022-07-24 (about 3 years ago)
Last Updated
2023-04-19 (about 3 years ago)

Other

Published
Title
Published
2021-10-05
Title
JobSearch WP Job Board < 1.8.2 - Unauthenticated Plugin's Settings Update
Published
2021-11-01
Title
Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure
Published
2021-11-15
Title
Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
Published
2024-02-08
Title
Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
Published
2025-02-24
Title
Enfold < 7.0 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php