WordPress Plugin Vulnerabilities

Social Share Boost <= 4.5 - Plugin Settings Update via CSRF

Description

The plugin does not have CSRF checks in the syntatical_settings_content, which could allow attackers to make logged in users update plugin settings via CSRF attacks

Affects Plugins

Plugin icon
social-share-boost
No known fix

References

CVE
CVE-2023-25033

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
fe15519e-8324-44c9-bf6e-32d2ea7c54f0

Timeline

Publicly Published
2023-08-28 (about 2 years ago)
Added
2023-09-01 (about 2 years ago)
Last Updated
2023-09-01 (about 2 years ago)

Other

Published
Title
Published
2025-12-31
Title
Post Snippets < 4.0.12 - Cross-Site Request Forgery
Published
2024-10-18
Title
Most And Least Read Posts Widget < 2.5.19 - Cross-Site Request Forgery via most_and_least_read_posts_options
Published
2025-03-28
Title
KK I Like It <= 1.7.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-27
Title
Full Circle <= 0.5.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-06-05
Title
WP Maintenance Mode & Site Under Construction < 4.4 - Cross-Site Request Forgery