How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Social Sharing Plugin - Kiwi < 2.0.11 - Arbitrary WordPress Options Update

Description

The plugin allowed unauthenticated attackers to update and read arbitrary WordPress options.

Affects Plugins

kiwi-social-share

Fixed in version 2.0.11

References

URL

https://blog.nintechnet.com/critical-vulnerability-in-wordpress-kiwi-social-sharing-plugin-actively-exploited/

URL

https://plugins.trac.wordpress.org/changeset/1973204/kiwi-social-share/trunk/includes/lib/helpers/class-kiwi-social-share-helper.php?old=1922991&old_path=kiwi-social-share%2Ftrunk%2Fincludes%2Flib%2Fhelpers%2Fclass-kiwi-social-share-helper.php

Classification

Type

BYPASS

Miscellaneous

Submitter

Ryan Dewhurst

Submitter twitter

Verified

Yes

WPVDB ID

e387f08d-7c9c-4e54-9e2f-222def11216c

Timeline

Publicly Published

2018-11-12 (about 3 years ago)

Added

2018-12-07 (about 3 years ago)

Last Updated

2021-06-04 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin