SQL Injection Vulnerability in Richteam Share Buttons - Social Media
CVE-2024-55982

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Share Buttons – Social Media
Vendor: CVE Published:; 16 December 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 16%

Summary

The vulnerability CVE-2024-55982 is classified as an SQL Injection flaw found in the Richteam Share Buttons – Social Media plugin for WordPress. This security issue allows attackers to exploit improper neutralization of special elements in SQL commands, which can lead to blind SQL injection attacks. This vulnerability affects all versions of the plugin up to 1.0.2, making it critical for users to take immediate action to secure their sites from potential exploitation. It's essential for website administrators using this plugin to apply the necessary patches and updates or consider alternative solutions to protect their web applications.

Affected Version(s)

Share Buttons – Social Media <= 1.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-55982
Created by RandomRobbieBF

References

https://patchstack.com/database/wordpress/plugin/rich-web...

vdb-entry

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Jan 3, 2025
👾
Exploit known to exist
Jan 3, 2025
Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

LVT-tholv2k (Patchstack Alliance)