Cross-Site Request Forgery and XSS Vulnerabilities in Simple Share Buttons Adder Plugin for WordPress
CVE-2014-4717
Currently unrated
Summary
The Simple Share Buttons Adder plugin for WordPress, in versions prior to 4.5, is affected by multiple cross-site request forgery (CSRF) vulnerabilities. These flaws allow remote attackers to abuse administrator sessions and perform unauthorized actions. Attackers can hijack an administrator's authentication through malicious requests involving various parameters, including ssba_share_text in the save action on wp-admin/options-general.php. These vulnerabilities can lead to cross-site scripting (XSS) across different site sections such as posts, pages, categories, and post excerpts, affecting site integrity and user data security.
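The defensive pattern for this class of bug, as an added example that is not the plugin's own code: a settings save on options-general.php that requires a nonce and a capability check, sanitizes the submitted text, and escapes it on output. Only the ssba_share_text field name comes from the advisory; the ex_ names, option key and nonce identifiers are hypothetical, and the file is assumed to run as a plugin inside WordPress.

```php
<?php
/* Plugin Name: Share text hardening sketch (added example) */
// Hypothetical identifiers; not taken from Simple Share Buttons Adder.
const EX_NONCE_ACTION = 'ex_ssba_save';
const EX_NONCE_FIELD  = 'ex_ssba_nonce';
const EX_OPTION       = 'ex_ssba_share_text';

add_action( 'admin_menu', function () {
    add_options_page( 'Share Text', 'Share Text', 'manage_options', 'ex-ssba', 'ex_ssba_render_form' );
} );

// The form carries a nonce bound to the user and action; a forged cross-site POST cannot supply it.
function ex_ssba_render_form() {
    echo '<form method="post">';
    wp_nonce_field( EX_NONCE_ACTION, EX_NONCE_FIELD );
    printf(
        '<input type="text" name="ssba_share_text" value="%s" />',
        esc_attr( get_option( EX_OPTION, '' ) )
    );
    submit_button();
    echo '</form>';
}

// Save handler: capability check, then nonce check, then sanitize before storing.
function ex_ssba_handle_save() {
    if ( ! isset( $_POST['ssba_share_text'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies with an error page if the nonce is missing or invalid (the CSRF defence).
    check_admin_referer( EX_NONCE_ACTION, EX_NONCE_FIELD );
    // Strip tags so markup never reaches the stored option.
    update_option( EX_OPTION, sanitize_text_field( wp_unslash( $_POST['ssba_share_text'] ) ) );
}
add_action( 'admin_init', 'ex_ssba_handle_save' );

// Output: escape at render time as well, so a value stored before the fix stays inert.
function ex_ssba_append_share_text( $content ) {
    $text = get_option( EX_OPTION, '' );
    return '' === $text ? $content : $content . '<p class="ex-share-text">' . esc_html( $text ) . '</p>';
}
add_filter( 'the_content', 'ex_ssba_append_share_text' );
add_filter( 'the_excerpt', 'ex_ssba_append_share_text' );
```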