CVE-2025-15377

Name of the Vulnerable Software and Affected Versions Sosh Share Buttons plugin for WordPress versions prior to 1.1.1

Description The Sosh Share Buttons plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of the absence of nonce validation within the admin page content function. An unauthenticated attacker could potentially modify the plugin’s settings by forging a request, provided they can deceive a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update the Sosh Share Buttons plugin to version 1.1.1 or later.