WordPress Plugin Vulnerabilities

Social Share Buttons < 2.2.4 - Subscriber+ SQLi

Description

The plugin does not properly sanitise and escape some parameters before using them in SQL statements available to any authenticated users, leading to SQL injections

Affects Plugins

Plugin icon
social-share-buttons-by-supsystic
Fixed in 2.2.4

References

CVE
CVE-2022-33960

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Original Researcher
m0ze
Verified
No
WPVDB ID
fdf4cfdb-0e38-45ed-8936-b9962530b92c

Timeline

Publicly Published
2022-06-09 (about 3 years ago)
Added
2022-07-25 (about 3 years ago)
Last Updated
2022-08-25 (about 3 years ago)

Other

Published
Title
Published
2024-05-23
Title
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
Published
2025-01-07
Title
WOOEXIM <= 5.0.0 - Authenticated (Administrator+) SQL Injection
Published
2022-11-17
Title
Buddybadges <= 1.0.0 - Admin+ SQLi
Published
2017-10-10
Title
Simple Login Log < 1.1.2 - Authenticated SQL Injection
Published
2025-01-24
Title
Bug Library < 2.1.5 - Authenticated (Contributor+) SQL Injection