cve/CVE-2014-4717.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.

POC

Reference

http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html
http://seclists.org/fulldisclosure/2014/Jun/138
https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder

Github

https://github.com/Live-Hack-CVE/CVE-2014-4717

1.1 KiB Raw Blame History

CVE-2014-4717

Description

POC

Reference

Github

1.1 KiB

Raw Blame History