CVE-2021-39321 — Deserialization of Untrusted Data in Social Share

CWE-502 — Deserialization of Untrusted Data CWE-863 — Incorrect Authorization3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.5%

top 18.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sassy Social Share Heateor Sassy Social Share

Timeline

PublishedOct 21

Latest updateMay 24

Description

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDheateor/sassy_social_share3.3.23

▶CVEListV5sassy_social_share/sassy_social_share3.3.23

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-pxqp-jhw5-pvjr: Version 3↗2022-05-24

▶

CVEList

Sassy Social Share 3.3.23 PHP Object Injection↗2021-10-21

▶