Lucene search

WordfenceCVELIST:CVE-2024-3228

HistoryJul 09, 2024 - 8:33 a.m.

CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure

2024-07-0908:33:07

Wordfence

www.cve.org

social sharing

kiwi

wordpress

information exposure

vulnerable

unauthenticated access

password protected posts

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.2%

JSON

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the ‘kiwi-nw-pinterest’ class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.

CNA Affected

[
  {
    "vendor": "wpkube",
    "product": "Social Sharing Plugin – Kiwi",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.1.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/896a038f-fe54-4120-842e-093ef236a898?source=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.2%

JSON

Related for CVELIST:CVE-2024-3228