WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
CVE-2022-33960

8.5HIGH

Key Information:

Vendor: Wordpress
Status: Social Share Buttons By Supsystic (WordPress Plugin)
Vendor: CVE Published:; 9 June 2022

Summary

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

Affected Version(s)

Social Share Buttons by Supsystic (WordPress plugin) <= 2.2.3 <= 2.2.3

References

https://wordpress.org/plugins/social-share-buttons-by-sup...

x_refsource_CONFIRM

https://patchstack.com/database/vulnerability/social-shar...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability Reserved
Jun 30, 2022
Vulnerability published
Jun 9, 2022

Credit

Vulnerability discovered by m0ze (Patchstack)