Path Traversal Vulnerability Affects Easy Social Share Buttons
CVE-2024-31300

8.5HIGH

Key Information:

Vendor: WordPress
Status: Easy Social Share Buttons
Vendor: CVE Published:; 17 May 2024

Summary

The vulnerability in Easy Social Share Buttons by Appscreo arises from improper limitations of pathname access, potentially allowing unauthorized file inclusion through PHP. This flaw could permit an attacker to exploit the application by injecting malicious payloads, leveraging sensitive files on the server. Versions of Easy Social Share Buttons from n/a through 9.4 are affected, necessitating prompt remediation to mitigate the risks associated with this security issue.

Affected Version(s)

Easy Social Share Buttons <= 9.4

References

https://patchstack.com/database/vulnerability/easy-social...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Rafie Muhammad (Patchstack)