PT-2022-14025 · WordPress · Social Share Buttons By Supsystic

Daniel Ruf · Published 2022-06-27 · Updated 2022-07-07 · CVE-2022-1653

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Social Share Buttons by Supsystic WordPress plugin versions prior to 2.2.4

Description: The issue allows an attacker to trick logged-in users into manipulating or changing plugin settings, as well as creating, deleting, and renaming projects and networks, due to the lack of CSRF checks in its AJAX endpoints and admin pages.

Recommendations: For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's admin pages and AJAX endpoints to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-1653

Affected Products

Social Share Buttons By Supsystic