Cross-Site Request Forgery Vulnerability in Analytify Simple Social Media Share Buttons
CVE-2026-34904

7.5HIGH

Key Information:

Vendor: WordPress
Status: Simple Social Media Share Buttons
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-34904?

The Analytify Simple Social Media Share Buttons plugin for WordPress contains a Cross-Site Request Forgery vulnerability, allowing unauthorized actions on behalf of an authenticated user. This issue affects versions from n/a up to 6.2.0, potentially compromising site integrity and allowing attackers to manipulate user sessions. Site owners should update to secure versions and apply best practices for mitigating CSRF risks.

Affected Version(s)

Simple Social Media Share Buttons <= 6.2.0

References

https://patchstack.com/database/wordpress/plugin/simple-s...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

Carlos Ferreira | Patchstack Bug Bounty Program

CVE-2026-34904 Data

JSON