CVE-2014-4717

NONE EPSS 84.8%
Published Jul 3, 2014 (12y ago) · Modified Jun 17, 2026 (2w ago)

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.

Threat Intelligence

EPSS Exploit Probability
84.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 35

Vendor      Product                      Version  Range
sharethis   simple_share_buttons_adder   *        ≤4.4
sharethis   simple_share_buttons_adder   1.0      any
sharethis   simple_share_buttons_adder   1.1      any
sharethis   simple_share_buttons_adder   1.2      any
sharethis   simple_share_buttons_adder   1.3      any
sharethis   simple_share_buttons_adder   1.4      any
sharethis   simple_share_buttons_adder   1.5      any
sharethis   simple_share_buttons_adder   1.6      any
sharethis   simple_share_buttons_adder   1.7      any
sharethis   simple_share_buttons_adder   1.8      any
sharethis   simple_share_buttons_adder   1.9      any
sharethis   simple_share_buttons_adder   2.0      any
sharethis   simple_share_buttons_adder   2.1      any
sharethis   simple_share_buttons_adder   2.2      any
sharethis   simple_share_buttons_adder   2.3      any
sharethis   simple_share_buttons_adder   2.4      any
sharethis   simple_share_buttons_adder   2.5      any
sharethis   simple_share_buttons_adder   2.6      any
sharethis   simple_share_buttons_adder   2.7      any
sharethis   simple_share_buttons_adder   2.8      any
sharethis   simple_share_buttons_adder   2.9      any
sharethis   simple_share_buttons_adder   3.0      any
sharethis   simple_share_buttons_adder   3.1      any
sharethis   simple_share_buttons_adder   3.2      any
sharethis   simple_share_buttons_adder   3.3      any
sharethis   simple_share_buttons_adder   3.4      any
sharethis   simple_share_buttons_adder   3.5      any
sharethis   simple_share_buttons_adder   3.6      any
sharethis   simple_share_buttons_adder   3.7      any
sharethis   simple_share_buttons_adder   3.8      any
sharethis   simple_share_buttons_adder   3.9      any
sharethis   simple_share_buttons_adder   4.0      any
sharethis   simple_share_buttons_adder   4.1      any
sharethis   simple_share_buttons_adder   4.2      any
sharethis   simple_share_buttons_adder   4.3      any

References 4

  • packetstormsecurity.com http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html
    Exploit
  • seclists.org http://seclists.org/fulldisclosure/2014/Jun/138
    Exploit
  • security.dxw.com https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder
    Exploit
  • wordpress.org https://wordpress.org/plugins/simple-share-buttons-adder/changelog
    Patch

Remediation

  • wordpress.org https://wordpress.org/plugins/simple-share-buttons-adder/changelog
    Patch