CVE-2014-4717
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
03/07/2014
Last modified:
12/04/2025
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sharethis:simple_share_buttons_adder:*:*:*:*:*:wordpress:*:* | 4.4 (including) | |
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.0:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.1:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.2:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.3:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.4:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.5:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.6:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.7:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.8:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:1.9:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:2.0:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:2.1:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:2.2:*:*:*:*:wordpress:*:* | ||
| cpe:2.3:a:sharethis:simple_share_buttons_adder:2.3:*:*:*:*:wordpress:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html
- http://seclists.org/fulldisclosure/2014/Jun/138
- https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder
- https://wordpress.org/plugins/simple-share-buttons-adder/changelog
- http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html
- http://seclists.org/fulldisclosure/2014/Jun/138
- https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder
- https://wordpress.org/plugins/simple-share-buttons-adder/changelog