CVE-2014-4717
NONE EPSS 84.8%
Published Jul 3, 2014 12y ago
Last Modified Jun 17, 2026 2w ago
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Threat Intelligence
EPSS Exploit Probability
84.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-352 Cross-Site Request Forgery (CSRF) Authentication
Affected Products 35
| Vendor | Product | Version | Range |
|---|---|---|---|
| sharethis | simple_share_buttons_adder | * | ≤4.4 |
| sharethis | simple_share_buttons_adder | 1.0 | any |
| sharethis | simple_share_buttons_adder | 1.1 | any |
| sharethis | simple_share_buttons_adder | 1.2 | any |
| sharethis | simple_share_buttons_adder | 1.3 | any |
| sharethis | simple_share_buttons_adder | 1.4 | any |
| sharethis | simple_share_buttons_adder | 1.5 | any |
| sharethis | simple_share_buttons_adder | 1.6 | any |
| sharethis | simple_share_buttons_adder | 1.7 | any |
| sharethis | simple_share_buttons_adder | 1.8 | any |
| sharethis | simple_share_buttons_adder | 1.9 | any |
| sharethis | simple_share_buttons_adder | 2.0 | any |
| sharethis | simple_share_buttons_adder | 2.1 | any |
| sharethis | simple_share_buttons_adder | 2.2 | any |
| sharethis | simple_share_buttons_adder | 2.3 | any |
| sharethis | simple_share_buttons_adder | 2.4 | any |
| sharethis | simple_share_buttons_adder | 2.5 | any |
| sharethis | simple_share_buttons_adder | 2.6 | any |
| sharethis | simple_share_buttons_adder | 2.7 | any |
| sharethis | simple_share_buttons_adder | 2.8 | any |
| sharethis | simple_share_buttons_adder | 2.9 | any |
| sharethis | simple_share_buttons_adder | 3.0 | any |
| sharethis | simple_share_buttons_adder | 3.1 | any |
| sharethis | simple_share_buttons_adder | 3.2 | any |
| sharethis | simple_share_buttons_adder | 3.3 | any |
| sharethis | simple_share_buttons_adder | 3.4 | any |
| sharethis | simple_share_buttons_adder | 3.5 | any |
| sharethis | simple_share_buttons_adder | 3.6 | any |
| sharethis | simple_share_buttons_adder | 3.7 | any |
| sharethis | simple_share_buttons_adder | 3.8 | any |
| sharethis | simple_share_buttons_adder | 3.9 | any |
| sharethis | simple_share_buttons_adder | 4.0 | any |
| sharethis | simple_share_buttons_adder | 4.1 | any |
| sharethis | simple_share_buttons_adder | 4.2 | any |
| sharethis | simple_share_buttons_adder | 4.3 | any |
References 4
- packetstormsecurity.com http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html
- seclists.org http://seclists.org/fulldisclosure/2014/Jun/138
- security.dxw.com https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder
- wordpress.org https://wordpress.org/plugins/simple-share-buttons-adder/changelog
Remediation
- wordpress.org https://wordpress.org/plugins/simple-share-buttons-adder/changelog