PT-2022-14194 · WordPress · Toolbar To Share

🗓️ 13 Jun 2022 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

Toolbar To Share plugin up to 2.0 lacks nonce validation on comparte page, enabling forged requests.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-1918	13 Jun 202216:17	–	circl
CNNVD	WordPress plugin ToolBar to Share 跨站请求伪造漏洞	13 Jun 202200:00	–	cnnvd
CNVD	WordPress ToolBar to Share plugin跨站点请求伪造漏洞	15 Jun 202200:00	–	cnvd
CVE	CVE-2022-1918	13 Jun 202212:46	–	cve
Cvelist	CVE-2022-1918 ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting	13 Jun 202212:46	–	cvelist
EUVD	EUVD-2022-25190	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1918	13 Jun 202213:15	–	nvd
OSV	CVE-2022-1918	13 Jun 202213:15	–	osv
Patchstack	WordPress ToolBar to Share plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)	9 Jun 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	13 Jun 202213:15	–	prion

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/toolbar-to-share/trunk/toolbartoshare.php
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-1918
t	www.t.me/cibsecurity/44281
wordfence	www.wordfence.com/vulnerability-advisories/
t	www.t.me/cvenotify/67023
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/fbda7670-179a-41ed-8ec9-ae7f5102e645
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

11 Jan 2024 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 3.18.8

CVSS 26.8

EPSS0.00267

missing nonce validation cross site forgery comparte page update settings forged requests WordPress plugin