CVE-2022-1918

Name of the Vulnerable Software and Affected Versions ToolBar to Share plugin for WordPress versions up to, and including, 2.0

Description The issue is due to missing nonce validation on the plugin toolbar comparte page, making it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request. This can happen if attackers can trick a site administrator into performing an action such as clicking on a link.

Recommendations For versions up to, and including, 2.0, update to a version that includes nonce validation on the plugin toolbar comparte page to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the plugin toolbar comparte page to minimize the risk of exploitation.