Welcome to WordPress Community Forum. Please login or sign up.

Mar 29, 2024, 04:25 AM

Login with username, password and session length

Shoutbox


Recent

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 6
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 1
  • Total: 1
1 Guest, 0 Users

WordPress Sharebar plugin <= 1.4.1 - Stored XSS via CSRF Vulnerability

Started by Kailash, Jun 15, 2022, 09:55 AM

Previous topic - Next topic

WordPress Premium Themes


Kailash

WordPress Sharebar plugin <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability

Plugin name: WordPress Sharebar plugin
Vulnerable versions: <= 1.4.1
Fixed in: N/A
CVE ID: CVE-2022-1626
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15

Vulnerability Details

Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Sharebar plugin (versions <= 1.4.1).

Solution

Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin Link: N/A

WordPress Premium Themes