Unauthorized Data Modification in WPZOOM Social Icons Widget for WordPress
CVE-2026-4063

4.3 MEDIUM

What is CVE-2026-4063?

The Social Icons Widget & Block by WPZOOM for WordPress is vulnerable to unauthorized data modification. The flaw is a missing capability check in the add_menu_item() method, which is hooked to the admin_menu action. As a result, authenticated users with Subscriber-level permissions or higher can create a sharing configuration post without proper authorization. This can lead to social sharing buttons being injected into the content of all posts on the frontend, compromising the site's integrity and the owner's control over displayed content.
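The bug class described above, as an added illustration that is not the plugin's code: an admin_menu callback that writes data before checking the user's capability, next to the hardened form. The class name, post type, menu slug and the choice of manage_options as the required capability are assumptions made for the example.

```php
<?php
// Added illustration; all names are hypothetical, not the WPZOOM plugin's code.
class Example_Sharing_Admin {
    const POST_TYPE = 'example_sharing_cfg';

    public function register() {
        // admin_menu fires for every logged-in user who loads a wp-admin page.
        add_action( 'admin_menu', array( $this, 'add_menu_item' ) );
    }

    // Unchecked pattern: the capability passed to add_submenu_page() only
    // decides who sees the menu entry. The write before it runs for any role.
    public function add_menu_item_unchecked() {
        $this->add_page( $this->get_or_create_config() );
    }

    // Hardened pattern: authorize before any state change.
    public function add_menu_item() {
        if ( ! current_user_can( 'manage_options' ) ) {
            return;
        }
        $this->add_page( $this->get_or_create_config() );
    }

    private function add_page( $id ) {
        add_submenu_page( 'options-general.php', 'Sharing', 'Sharing',
            'manage_options', 'post.php?post=' . (int) $id . '&action=edit' );
    }

    // wp_insert_post() performs no capability check of its own, so the
    // caller is responsible for authorization.
    private function get_or_create_config() {
        $found = get_posts( array(
            'post_type'   => self::POST_TYPE,
            'post_status' => 'any',
            'numberposts' => 1,
            'fields'      => 'ids',
        ) );
        if ( $found ) {
            return (int) $found[0];
        }
        return (int) wp_insert_post( array(
            'post_type'   => self::POST_TYPE,
            'post_status' => 'publish',
            'post_title'  => 'Sharing configuration',
        ) );
    }
}
```

When reviewing other plugins for the same pattern, look for writes such as wp_insert_post() or update_option() inside admin_menu, admin_init or init callbacks that have no current_user_can() guard in front of them.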

Affected Version(s)

Social Icons Widget & Block – Social Media Icons & Share Buttons * <= 4.5.8

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

darkestmode