Vulnerability Details CVE-2023-5070
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.104
EPSS Ranking 92.8%
CVSS Severity
CVSS v3 Score 6.5
References
- https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve
- https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve
Products affected by CVE-2023-5070
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:-
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.6.9
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.0
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.1
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.2
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.3
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.4
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.5
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.7
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.8
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.7.9
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.8.0
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.8.2
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.8.3
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.8.4
-
cpe:2.3:a:ultimatelysocial:social_media_share_buttons_&_social_sharing_icons:2.8.5