Search criteria
6 vulnerabilities found for simple_share_buttons_adder by sharethis
FKIE_CVE-2024-4094
Vulnerability from fkie_nvd - Published: 2024-06-18 06:15 - Updated: 2025-03-18 21:15
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/ | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sharethis | simple_share_buttons_adder | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "28B4489B-B02B-4C9B-B16E-E8E0A7C2E8AA",
"versionEndExcluding": "8.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": "El complemento Simple Share Buttons Adder de WordPress anterior a 8.5.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como editores, realizar ataques de cross site scripting incluso cuando unfiltered_html no est\u00e1 permitido."
}
],
"id": "CVE-2024-4094",
"lastModified": "2025-03-18T21:15:30.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-18T06:15:12.360",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-4717
Vulnerability from fkie_nvd - Published: 2014-07-03 14:55 - Updated: 2025-04-12 10:46
Severity
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F38F458C-3EA4-4370-B1AB-78A67636908E",
"versionEndIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CD2FDC79-2BC7-451D-BA3F-B2C7F59870F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EB734828-A7A8-403F-8806-78BE25377CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EBAEF281-25E3-4D98-A156-2093DF0559E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1D33DD24-BFF1-4332-9F72-B4B768A557B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "762C03DF-D4C2-4C9B-8613-06840B3E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6987CAB7-FB0E-41AC-8071-4DFF3B3DC7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2B229ECA-0AE8-45ED-B72A-D8209D8C1449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C41DA5D9-8312-4106-8938-45CB525634ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "DE70A396-0CF4-4145-92D1-4D47B4486C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:1.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FC9C8D2E-28CC-4E5F-AFC6-9CAB6AF6C28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CE5AF53E-82D3-4276-A31D-F9EB4A059927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "99BD1124-94E0-4D4B-BCA1-5586CF3CFC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F4B2FF3B-64D3-4175-A495-15B76B8F2425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "79511F0F-635C-49DA-84C6-82E158127F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A5A93884-5E29-444E-A9CB-BF5BFEFD5A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2D3BF1FD-165D-46CE-8428-4B6471054FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A7281DDE-95B1-4B7A-8BF8-7F3C69CF9435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "32BD8F9B-029B-4BCD-9A5F-2C7479DAAFDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1715C875-1E6B-43E0-8CE2-6AA37F5E42E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:2.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6F3A0448-18E8-4B2D-937E-E4389757357C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A558B10E-B392-4253-9FFD-E2BA0E7BA10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0F476608-70F8-4315-961D-A24A09BAE390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4A8917DD-335D-4120-9F10-1416AB8E2669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EEDB49C5-7489-4526-8356-980733E28EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A2CC1837-178E-4FC2-B769-DF820E45AC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "87AAC98D-3C01-44F2-9120-D6B7C1329D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3530A203-80EB-4EDB-8CD8-C7B61B798D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7F21D0D4-D4EA-423D-AAE4-CC85C2C0B37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8FCC5F40-489F-4E53-BC04-38C68491258F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:3.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7964C879-CB09-491D-B3DD-567EF65B7C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:4.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B22AE55D-F204-4343-8C4A-D7D0B00EA756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:4.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "227AD810-542B-492D-BA0C-D54D89979920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:4.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "368AA701-4752-45A9-A4AE-DB86CE73FDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sharethis:simple_share_buttons_adder:4.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1A4E8F56-81A7-4911-B9BA-D89C83447A56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en el plugin Simple Share Buttons Adder anterior a 4.5 para WordPress permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que realizan ataques de XSS a trav\u00e9s del par\u00e1metro (1) ssba_share_text en una acci\u00f3n de guardar en wp-admin/options-general.php, lo cual no se maneja debidamente en la p\u00e1gina web principal, y vectores no especificados relacionado con las p\u00e1ginas (2) Pages, (3) Posts, (4) Category/Archive o (5) extractos de correos."
}
],
"id": "CVE-2014-4717",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-03T14:55:09.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-4094 (GCVE-0-2024-4094)
Vulnerability from cvelistv5 – Published: 2024-06-18 06:00 – Updated: 2025-03-18 20:25
Title
Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS
Summary
The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity
5.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Simple Share Buttons Adder | Affected: 0, < 8.5.1 (semver) |
Credits
Dmitrii Ignatyev
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4094",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T13:08:04.606354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:25:05.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Simple Share Buttons Adder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T06:00:02.301Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Simple Share Buttons Adder \u003c 8.5.1 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4094",
"datePublished": "2024-06-18T06:00:02.301Z",
"dateReserved": "2024-04-23T19:09:47.392Z",
"dateUpdated": "2025-03-18T20:25:05.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4717 (GCVE-0-2014-4717)
Vulnerability from cvelistv5 – Published: 2014-07-03 14:00 – Updated: 2024-09-16 22:30
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:35.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
},
{
"name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-03T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
},
{
"name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"name": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"name": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
},
{
"name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4717",
"datePublished": "2014-07-03T14:00:00Z",
"dateReserved": "2014-07-03T00:00:00Z",
"dateUpdated": "2024-09-16T22:30:44.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4094 (GCVE-0-2024-4094)
Vulnerability from nvd – Published: 2024-06-18 06:00 – Updated: 2025-03-18 20:25
Title
Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS
Summary
The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity
5.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Simple Share Buttons Adder | Affected: 0, < 8.5.1 (semver) |
Credits
Dmitrii Ignatyev
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4094",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T13:08:04.606354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:25:05.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Simple Share Buttons Adder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T06:00:02.301Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Simple Share Buttons Adder \u003c 8.5.1 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4094",
"datePublished": "2024-06-18T06:00:02.301Z",
"dateReserved": "2024-04-23T19:09:47.392Z",
"dateUpdated": "2025-03-18T20:25:05.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4717 (GCVE-0-2014-4717)
Vulnerability from nvd – Published: 2014-07-03 14:00 – Updated: 2024-09-16 22:30
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:35.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
},
{
"name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-03T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
},
{
"name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
},
{
"name": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
},
{
"name": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
},
{
"name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4717",
"datePublished": "2014-07-03T14:00:00Z",
"dateReserved": "2014-07-03T00:00:00Z",
"dateUpdated": "2024-09-16T22:30:44.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}