Headline
CVE-2022-33960: WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities - Patchstack
Multiple authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in the Social Share Buttons by Supsystic plugin <= 2.2.3 for WordPress.
Verified
Fixed
CVSS 3.1 score: 8.5 (High severity)
PSID
f385d8eeed79
Classification
SQL Injection
OWASP Top 10
A1: Injection
Required privilege
Requires authentication as a user with the subscriber role or higher.
Publicly disclosed
2022-06-09
Details
Multiple Authenticated SQL Injection (SQLi) vulnerabilities were discovered by m0ze (Patchstack) in the WordPress Social Share Buttons by Supsystic plugin (versions <= 2.2.3).
Solution
Update the WordPress Social Share Buttons by Supsystic plugin to the latest available version (at least 2.2.4).