CVE-2023-5070

2023-10-2008:15:12

CWE-200

[email protected]

web.nvd.nist.gov

wordpress

vulnerability

social media

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.4%

JSON

The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.

Affected configurations

Nvd

Node

ultimatelysocialsocial_media_share_buttons_\&_social_sharing_iconsRange<2.8.6wordpress

VendorProductVersionCPE
ultimatelysocialsocial_media_share_buttons_\&_social_sharing_icons*cpe:2.3:a:ultimatelysocial:social_media_share_buttons_\&_social_sharing_icons:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
ultimatelysocial	social_media_share_buttons_\&_social_sharing_icons	*	cpe:2.3:a:ultimatelysocial:social_media_share_buttons_\&_social_sharing_icons::::::wordpress::*

References

plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php

www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve