Social Media API Key Leakage vulnerability found by @fs0c131y in the WordPress Social Network Tabs premium plugin (versions <=1.7.1): the plugin's `dcwp_twitter.php` exposes the site owner's Twitter `consumer_key`, `consumer_secret`, `access_token` and `access_token_secret` to unauthenticated remote readers, which allows takeover of the linked Twitter account.
## Solution
26 January 2019 - we were unable to find any information about a patched version of this plugin. We recommend deactivating and deleting this plugin from your WordPress site. Note that because the exposed values are live Twitter OAuth credentials, removing the plugin does not undo a leak that has already occurred: regenerate the consumer key/secret and revoke or regenerate the access token in the Twitter developer console, and review the linked account for unauthorized activity.
{"id": "PATCHSTACK:98AC6641791E073237756D031B267F97", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability", "description": "Social Media API Key Leakage vulnerability found by @fs0c131y in WordPress Social Network Tabs premium plugin (versions <=1.7.1).\n\n## Solution\n\n\r\n 26 January 2019 - we were unable to find any information about the patched version of this plugin. We recommend to deactivate and delete this plugin from your WordPress site.\r\n ", "published": "2019-01-17T00:00:00", "modified": "2019-01-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://patchstack.com/database/vulnerability/social-network-tabs/wordpress-social-network-tabs-premium-plugin-1-7-1-social-media-api-key-leakage-vulnerability", "reporter": "@fs0c131y", "references": ["http://www.designchemical.com/blog/index.php/premium-wordpress-plugins/premium-wordpress-plugin-social-network-tabs/"], "cvelist": 
["CVE-2018-20555"], "immutableFields": [], "lastseen": "2022-06-01T19:37:33", "viewCount": 1, "enchantments": {"score": {"value": 3.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-20555"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310141896"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:44E103CF-57B4-4E6C-816F-DCF94C898F4D"]}]}, "affected_software": {"major_version": [{"name": "social network tabs", "version": 1}]}, "vulnersScore": 3.6}, "_state": {"score": 1660007784, "dependencies": 1660004461, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "e4da0e19c403cb50c3494bec3bd039b9"}, "affectedSoftware": [{"version": "1.7.1", "operator": "le", "name": "social network tabs"}], "vendor_cvss": {"score": "3.1", "severity": "Unknown severity"}, "owasp": "A6: Sensitive Data Exposure", "classification": "Sensitive Data Exposure"}
{"cve": [{"lastseen": "2022-03-23T15:53:53", "description": "The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-21T16:00:00", "type": "cve", "title": "CVE-2018-20555", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20555"], "modified": "2019-04-16T14:12:00", "cpe": ["cpe:/a:designchemical:social_network_tabs:1.7.1"], "id": "CVE-2018-20555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20555", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:designchemical:social_network_tabs:1.7.1:*:*:*:*:wordpress:*:*"]}], "wpvulndb": [{"lastseen": "2021-02-15T22:21:55", "bulletinFamily": "software", "cvelist": ["CVE-2018-20555"], "description": "According to the original researcher: \"The Wordpress Plugin called Social Network Tabs, made by the company Design 
Chemical, is leaking twice the Twitter access_token, access_token_secret, consumer_key and consumer_secret of their user which is leading to a takeover of their Twitter account.\"\n", "modified": "2020-09-22T07:26:42", "published": "2019-01-16T00:00:00", "id": "WPVDB-ID:44E103CF-57B4-4E6C-816F-DCF94C898F4D", "href": "https://wpscan.com/vulnerability/44e103cf-57b4-4e6c-816f-dcf94c898f4d", "type": "wpvulndb", "title": "Social Network Tabs - Social Media API Key Leakage", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-05-12T16:23:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20555"], "description": "The WordPress Plugin Social Network Tabs, made by the company Design Chemical,\nis leaking twice the Twitter access_token, access_token_secret, consumer_key and consumer_secret of their user\nwhich is leading to a takeover of their Twitter account.", "modified": "2020-05-08T00:00:00", "published": "2019-01-18T00:00:00", "id": "OPENVAS:1361412562310141896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141896", "type": "openvas", "title": "WordPress Social Network Tabs Plugin Information Disclosure Vulnerability", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141896\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-18 16:44:12 +0700 (Fri, 18 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2018-20555\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_name(\"WordPress Social Network Tabs Plugin Information Disclosure Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n\n script_tag(name:\"summary\", value:\"The WordPress Plugin Social Network Tabs, made by the company Design Chemical,\nis leaking twice the Twitter access_token, access_token_secret, consumer_key and consumer_secret of their user\nwhich is leading to a takeover of their Twitter account.\");\n\n script_tag(name:\"vuldetect\", value:\"Tries to read the Twitter secrets.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. 
General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/fs0c131y/CVE-2018-20555\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + \"/\";\nres = http_get_cache(port: port, item: url);\n\nif (\"social-network-tabs/inc/dcwp_twitter.php\" >< res) {\n if ('\"access_token: \"' >< res || 'access_token_secret: \"' >< res || 'consumer_key: \"' >< res ||\n 'consumer_secret: \"' >< res) {\n report = 'It was possible to read the twitter secrets in the source code of ' +\n http_report_vuln_url(port: port, url: url, url_only: TRUE);\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}