Sensitive Information Exposure in Social Media Share Buttons Plugin for WordPress
CVE-2023-5070

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
20 October 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 10%

What is CVE-2023-5070?

The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is affected by a vulnerability that allows unauthorized users to export sensitive plugin settings. This includes exposure of social media authentication tokens, secrets, and application passwords, which could potentially lead to unauthorized access to user accounts and information. The flaw is found in the sfsi_save_export function and affects all versions up to and including 2.8.5, making it a serious concern for website administrators using this plugin on their platforms.

Affected Version(s)

Social Media Share Buttons & Social Sharing Icons * <= 2.8.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

Credit

Marco Wotschka
.
The Cyber Security Vulnerability Database.