Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
References
Configurations
Configuration 1 (hide)
|
History
15 Nov 2022, 17:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sharethis
Sharethis simple Share Buttons Adder |
|
CPE | cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.0:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.2:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.6:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:4.0:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.9:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.1:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.4:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.7:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.8:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.6:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.2:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.7:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:4.2:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.9:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.5:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.4:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.6:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.8:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.3:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.4:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.0:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.1:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.8:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.0:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.3:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.2:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:4.3:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.9:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:3.1:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:4.1:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.7:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:1.3:*:*:*:*:wordpress:*:* cpe:2.3:a:davidsneal:simple_share_buttons_adder:2.5:*:*:*:*:wordpress:*:* |
cpe:2.3:a:sharethis:simple_share_buttons_adder:3.7:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.9:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.9:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.6:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.5:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.2:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.3:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.4:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.7:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.2:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:4.2:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.0:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.4:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.0:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.3:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.5:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.8:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.1:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.7:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.6:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.3:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.9:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.2:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.1:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.8:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.4:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:4.1:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:4.0:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.1:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.8:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:2.5:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:3.0:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:1.6:*:*:*:*:wordpress:*:* cpe:2.3:a:sharethis:simple_share_buttons_adder:4.3:*:*:*:*:wordpress:*:* |
Information
Published : 2014-07-03 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-4717
Mitre link : CVE-2014-4717
CVE.ORG link : CVE-2014-4717
JSON object : View
Products Affected
sharethis
- simple_share_buttons_adder
CWE
CWE-352
Cross-Site Request Forgery (CSRF)