Multidots: >> Add Social Share Messenger Buttons Whatsapp And Viber Security Vulnerabilities
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-05-31