2 matches found
CVE-2018-11632
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings via...
CVE-2018-11632
The CVE-2018-11632 issue affects the WordPress plugin Add Social Share Messenger Buttons Whatsapp and Viber (version 1.0.8) by lack of nonce/capability checks in whatsapp_share_setting_add_update(), enabling CSRF to change settings when an admin visits a crafted URL via spear phishing/social engi...