Lucene search

PatchstackCVELIST:CVE-2024-31109

HistoryApr 02, 2024 - 5:31 p.m.

CVE-2024-31109 WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability

2024-04-0217:31:31

CWE-352

Patchstack

www.cve.org

woocommerce

social media

cross site scripting

csrf

vulnerability

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woocommerce-social-media-share-buttons",
    "product": "Woocommerce Social Media Share Buttons",
    "vendor": "Toastie Studio",
    "versions": [
      {
        "lessThanOrEqual": "1.3.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woocommerce-social-media-share-buttons/wordpress-woocommerce-social-media-share-buttons-plugin-1-3-0-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve