Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Sharebar by Unknown

    CVE-2022-1626 (GCVE-0-2022-1626)

    Vulnerability from nvd – Published: 2022-07-11 12:56 – Updated: 2024-08-03 00:10
    VLAI
    Title
    Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF
    Summary
    The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Sharebar Affected: 1.4.1 , ≤ 1.4.1 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sharebar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.1",
                  "status": "affected",
                  "version": "1.4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T12:56:06.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sharebar \u003c= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1626",
              "STATE": "PUBLIC",
              "TITLE": "Sharebar \u003c= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sharebar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4.1",
                                "version_value": "1.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1626",
        "datePublished": "2022-07-11T12:56:06.000Z",
        "dateReserved": "2022-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1626 (GCVE-0-2022-1626)

    Vulnerability from cvelistv5 – Published: 2022-07-11 12:56 – Updated: 2024-08-03 00:10
    VLAI
    Title
    Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF
    Summary
    The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Sharebar Affected: 1.4.1 , ≤ 1.4.1 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sharebar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.1",
                  "status": "affected",
                  "version": "1.4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T12:56:06.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sharebar \u003c= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1626",
              "STATE": "PUBLIC",
              "TITLE": "Sharebar \u003c= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sharebar",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4.1",
                                "version_value": "1.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3d1f90d9-45da-42f8-93f8-15c8a4ff90ca"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1626",
        "datePublished": "2022-07-11T12:56:06.000Z",
        "dateReserved": "2022-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }