CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-13883

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'save_custom_css_request' function. This makes it possible for unauthenticated attackers to inject custom CSS to modify a site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.3%

CVSS Severity

CVSS v3 Score 4.3

References

https://plugins.trac.wordpress.org/browser/wpupper-share-buttons/trunk/Controller/ajax.controller.php#L94
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ca55c87-6548-43b8-a23f-d31a51df9533?source=cve

Products affected by CVE-2024-13883

Victorfreitas » Wpupper Share Buttons » Version: Any

cpe:2.3:a:victorfreitas:wpupper_share_buttons:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13883

Products

Pricing

Contact Us