Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-36890: WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.

CVE
Open in Source
#csrf#vulnerability#wordpress

Not fixed

4.3

CVSS 3.1 score Medium severity

Monitoring Coming soon

Software

Social Share Buttons by Supsystic

Vulnerable versions

<= 2.2.2

PSID

55c61e6d8a44

Classification

Cross Site Request Forgery (CSRF)

OWASP Top 10

A5: Broken Access Control

Credits

Rasi Afeef (Patchstack Alliance)

Publicly disclosed

2022-05-27

Details

Cross-Site Request Forgery (CSRF) vulnerability was discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Social Share Buttons by Supsystic plugin (versions <= 2.2.2).

Solution

Deactivate and delete. No reply from the vendor. Plugin closed.

References

CVE-2021-36890 Plugin page

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE