WordPress Plugin Vulnerabilities

Social Share Icons & Social Share Buttons < 3.6.3 - Missing Authorization to Notice Dismissal

Description

The Social Share Icons & Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 3.6.2. This makes it possible for unauthenticated attackers to dismiss notices.

Affects Plugins

Plugin icon
ultimate-social-media-plus
Fixed in 3.6.3

References

CVE
CVE-2024-32820
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/cce13008-a0f8-458f-ade5-450d0dcc966a

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
c93987ca-a304-4c36-b03b-ec22da6b5111

Timeline

Publicly Published
2024-04-29 (about 2 years ago)
Added
2024-04-29 (about 2 years ago)
Last Updated
2024-04-29 (about 2 years ago)

Other

Published
Title
Published
2022-11-21
Title
WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
Published
2024-04-29
Title
SP Project & Document Manager <= 4.69 - Missing Authorization
Published
2026-01-19
Title
Custom Fonts – Host Your Fonts Locally < 2.1.17 - Missing Authorization to Unauthenticated Font Deletion
Published
2024-06-03
Title
Integrate Google Drive < 1.3.94 - Missing Authorization
Published
2023-11-09
Title
Animator < 3.0.11 - Missing Authorization to Plugin Settings Update