WordPress Plugin Vulnerabilities

Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access

Description

The plugin leaks password-protected post content to unauthenticated visitors in some meta tags

Proof of Concept

Affects Plugins

Plugin icon
simple-social-buttons
Fixed in 5.1.1

References

CVE
CVE-2023-5845

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
d5b59e9e-85e5-4d26-aebe-64757c8495fa

Timeline

Publicly Published
2023-11-06 (about 2 years ago)
Added
2023-11-06 (about 2 years ago)
Last Updated
2023-11-06 (about 2 years ago)

Other

Published
Title
Published
2025-04-03
Title
Booking Calendar and Notification <= 4.0.3 - Authentication Bypass
Published
2024-12-03
Title
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login < 1.8 - Authentication Bypass via WordPress.com OAuth provider
Published
2013-03-24
Title
Backupbuddy - importbuddy.php Restore Operation Persistence Weakness
Published
2014-08-01
Title
All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation
Published
2014-08-01
Title
Profile Builder < 1.1.60 - Password Recovery Bypass