cbcvebase.
CVE-2014-4717
published 2014-07-03

CVE-2014-4717: Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack…

PriorityP431medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.80%
84.7th percentile
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.

Affected

35 ranges· showing 25
VendorProductVersion rangeFixed in
sharethissimple_share_buttons_adder<= 4.4
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
sharethissimple_share_buttons_adder
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.