CVE-2021-4362
published 2023-06-07CVE-2021-4362: The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option()…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.42%
69.4th percentile
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpkube | kiwi_social_share | — | — |
| wpkube | social_sharing_plugin_kiwi | 2.1.0 – 2.1.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://blog.nintechnet.com/wordpress-kiwi-social-sharing-plugin-fixed-critical-vulnerability/https://wordpress.org/plugins/kiwi-social-share/#developershttps://www.wordfence.com/threat-intel/vulnerabilities/id/8148b6d0-190a-4b97-8af7-edd6943116d1?source=cvehttps://blog.nintechnet.com/wordpress-kiwi-social-sharing-plugin-fixed-critical-vulnerability/https://wordpress.org/plugins/kiwi-social-share/#developershttps://www.wordfence.com/threat-intel/vulnerabilities/id/8148b6d0-190a-4b97-8af7-edd6943116d1?source=cve
2023-06-07
Published