PT-2022-13289 · WordPress · The Professional Social Sharing Buttons

Brandon James Roldan

Published

2022-07-25

Updated

2022-11-05

CVE-2022-0594

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin versions prior to 9.7.6

Description The issue is related to a lack of proper authorization check in one of the AJAX actions, allowing unauthorized access to retrieve sensitive information such as the list of active plugins and various version details like PHP, cURL, and WP. This affects unauthenticated users in versions prior to 9.7.5 and author+ users in version 9.7.5.

Recommendations For versions prior to 9.7.6, update to version 9.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AJAX action until a patch is available.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2022-0594

Affected Products

The Professional Social Sharing Buttons

PT-2022-13289 · WordPress · The Professional Social Sharing Buttons

CVE-2022-0594

Weakness Enumeration

Related Identifiers

Affected Products

References · 4