PT-2014-6070 · WordPress · Simple Share Buttons Adder

Duncan Stuart · Published 2014-07-03 · Updated 2022-11-15 · CVE-2014-4717

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Simple Share Buttons Adder plugin versions prior to 4.5

Description: The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is possible via the ssba share text parameter in a save action to "wp-admin/options-general.php"; the saved value is then output on the homepage without proper handling. Additionally, there are unspecified vectors related to Pages, Posts, Category/Archive pages, or post Excerpts.

Recommendations: For versions prior to 4.5, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php" endpoint and avoiding the use of the ssba share text parameter in save actions until the update can be applied.
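The advisory describes two defects combined: a settings save action that accepts a forged cross-site request from an authenticated administrator (CSRF), and a saved value that is later printed on the site without escaping (stored XSS). The following is an added example, not code from the Simple Share Buttons Adder plugin, of how a WordPress options-save handler is hardened against both. All option, action, nonce and function names (example_share_text, example_save_share_text, example_nonce, and so on) are hypothetical; the array form of register_setting() assumes WordPress 4.7 or later.

```php
<?php
/**
 * Added example (not the plugin's own code): a WordPress options-save
 * handler with CSRF protection, a capability check, input sanitization
 * and output escaping. Every name prefixed "example_" is hypothetical.
 */

// Register the option with a sanitize callback so any write path
// (including the core options.php handler) runs the same filter.
add_action('admin_init', function () {
    register_setting(
        'example_share_group',                                  // settings group (hypothetical)
        'example_share_text',                                   // option name (hypothetical)
        array('sanitize_callback' => 'example_sanitize_share_text')
    );
});

// Strip tags and control characters and cap the length before storing.
function example_sanitize_share_text($value) {
    $value = sanitize_text_field((string) $value);
    return mb_substr($value, 0, 200);
}

// Save handler for a plugin-rendered form posted to admin-post.php.
add_action('admin_post_example_save_share_text', function () {
    // Authorization: only users who may manage options can save.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', array('response' => 403));
    }

    // CSRF protection: the request must carry a nonce bound to this action
    // and to the logged-in user. A save action without this check is what
    // lets a forged cross-site request ride on an administrator's session.
    check_admin_referer('example_save_share_text', 'example_nonce');

    $raw = isset($_POST['example_share_text'])
        ? wp_unslash($_POST['example_share_text'])
        : '';
    update_option('example_share_text', example_sanitize_share_text($raw));

    wp_safe_redirect(add_query_arg('updated', '1', wp_get_referer()));
    exit;
});

// Settings form: emit the nonce field and escape the current value.
function example_render_form() {
    $current = get_option('example_share_text', '');
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="example_save_share_text">
        <?php wp_nonce_field('example_save_share_text', 'example_nonce'); ?>
        <input type="text" name="example_share_text"
               value="<?php echo esc_attr($current); ?>">
        <?php submit_button('Save'); ?>
    </form>
    <?php
}

// Front-end output (homepage, posts, archives): escaping at the point of
// use stops stored XSS even if an older, unsanitized value is still in
// the database.
function example_share_text_html() {
    return '<span class="share-text">'
        . esc_html(get_option('example_share_text', ''))
        . '</span>';
}
```

The two checks in the save handler address the CSRF half of the advisory (check_admin_referer() rejects requests that lack a valid per-user nonce, and current_user_can() rejects lower-privileged accounts), while sanitize_text_field() on input and esc_html()/esc_attr() on output address the XSS half independently, so a bypass of one layer does not defeat the other.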

Weakness Enumeration: CSRF

Related Identifiers: CVE-2014-4717

Affected Products: Simple Share Buttons Adder