cvelistWPScanCVELIST:CVE-2022-0594
Jul 25, 2022 - 12:45 p.m.

CVE-2022-0594 Shareaholic < 9.7.6 - Information Disclosure

2022-07-25 12:45:37
CWE-863
WPScan
www.cve.org
cve-2022-0594
shareaholic plugin
information disclosure
ajax action
unauthenticated users
authorization check
active plugins
php version
curl version
wordpress version

EPSS

0.002

Percentile

56.3%

The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have a proper authorisation check in one of its AJAX actions, which is available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins and various versions (PHP, cURL, WP, etc.).

CNA Affected

[
  {
    "product": "Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "9.7.6",
        "status": "affected",
        "version": "9.7.6",
        "versionType": "custom"
      }
    ]
  }
]
