Sensitive Information Exposure in Social Media Share Buttons Plugin for WordPress
CVE-2023-5070

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Social Media Share Buttons & Social Sharing Icons
Vendor: CVE Published:; 20 October 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 10%

What is CVE-2023-5070?

The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is affected by a vulnerability that allows unauthorized users to export sensitive plugin settings. This includes exposure of social media authentication tokens, secrets, and application passwords, which could potentially lead to unauthorized access to user accounts and information. The flaw is found in the sfsi_save_export function and affects all versions up to and including 2.8.5, making it a serious concern for website administrators using this plugin on their platforms.

Affected Version(s)

Social Media Share Buttons & Social Sharing Icons * <= 2.8.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5070
Created by RandomRobbieBF

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2975574/ulti...

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2023
🟡
Public PoC available
Oct 17, 2023
👾
Exploit known to exist
Oct 17, 2023
Vulnerability Reserved
Sep 19, 2023

Credit

Marco Wotschka