QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0594

Published: Jul 25, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.

Vendor	Product	Versions
Unknown	Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic	affected `9.7.6 - < 9.7.6`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.