Sensitive Information Exposure in Social Media Share Buttons Plugin for WordPress
CVE-2023-5070
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 20 October 2023
Badges
What is CVE-2023-5070?
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is affected by a vulnerability that allows unauthorized users to export sensitive plugin settings. This includes exposure of social media authentication tokens, secrets, and application passwords, which could potentially lead to unauthorized access to user accounts and information. The flaw is found in the sfsi_save_export function and affects all versions up to and including 2.8.5, making it a serious concern for website administrators using this plugin on their platforms.
Affected Version(s)
Social Media Share Buttons & Social Sharing Icons * <= 2.8.5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
10% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability Reserved