Search criteria
6 vulnerabilities found for shareaholic by shareaholic
CVE-2023-4889 (GCVE-0-2023-4889)
Vulnerability from nvd – Published: 2023-11-15 06:40 – Updated: 2024-08-02 07:38
VLAI?
Summary
The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shareaholic | Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic |
Affected:
* , ≤ 9.7.8
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Professional Social Sharing Buttons, Icons \u0026 Related Posts \u2013 Shareaholic",
"vendor": "shareaholic",
"versions": [
{
"lessThanOrEqual": "9.7.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \u0027shareaholic\u0027 shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:40:47.202Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-10T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-09-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-14T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4889",
"datePublished": "2023-11-15T06:40:47.202Z",
"dateReserved": "2023-09-11T13:12:21.502Z",
"dateUpdated": "2024-08-02T07:38:00.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0594 (GCVE-0-2022-0594)
Vulnerability from nvd – Published: 2022-07-25 12:45 – Updated: 2024-08-02 23:32
VLAI?
Title
Shareaholic < 9.7.6 - Information Disclosure
Summary
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic |
Affected:
9.7.6 , < 9.7.6
(custom)
|
Credits
Brandon James Roldan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Professional Social Sharing Buttons, Icons \u0026 Related Posts \u2013 Shareaholic",
"vendor": "Unknown",
"versions": [
{
"lessThan": "9.7.6",
"status": "affected",
"version": "9.7.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon James Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Professional Social Sharing Buttons, Icons \u0026 Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v \u003c 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T12:45:37",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Shareaholic \u003c 9.7.6 - Information Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0594",
"STATE": "PUBLIC",
"TITLE": "Shareaholic \u003c 9.7.6 - Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Professional Social Sharing Buttons, Icons \u0026 Related Posts \u2013 Shareaholic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.7.6",
"version_value": "9.7.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon James Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Professional Social Sharing Buttons, Icons \u0026 Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v \u003c 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0594",
"datePublished": "2022-07-25T12:45:37",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9311 (GCVE-0-2014-9311)
Vulnerability from nvd – Published: 2015-04-14 14:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.szurek.pl/shareaholic-7603-xss.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/shareaholic/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-14T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.szurek.pl/shareaholic-7603-xss.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/shareaholic/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.szurek.pl/shareaholic-7603-xss.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/shareaholic-7603-xss.html"
},
{
"name": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html"
},
{
"name": "https://wordpress.org/plugins/shareaholic/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/shareaholic/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9311",
"datePublished": "2015-04-14T14:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4889 (GCVE-0-2023-4889)
Vulnerability from cvelistv5 – Published: 2023-11-15 06:40 – Updated: 2024-08-02 07:38
VLAI?
Summary
The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shareaholic | Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic |
Affected:
* , ≤ 9.7.8
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Professional Social Sharing Buttons, Icons \u0026 Related Posts \u2013 Shareaholic",
"vendor": "shareaholic",
"versions": [
{
"lessThanOrEqual": "9.7.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via \u0027shareaholic\u0027 shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T06:40:47.202Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-10T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-09-11T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-14T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4889",
"datePublished": "2023-11-15T06:40:47.202Z",
"dateReserved": "2023-09-11T13:12:21.502Z",
"dateUpdated": "2024-08-02T07:38:00.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0594 (GCVE-0-2022-0594)
Vulnerability from cvelistv5 – Published: 2022-07-25 12:45 – Updated: 2024-08-02 23:32
VLAI?
Title
Shareaholic < 9.7.6 - Information Disclosure
Summary
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
Severity ?
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic |
Affected:
9.7.6 , < 9.7.6
(custom)
|
Credits
Brandon James Roldan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Professional Social Sharing Buttons, Icons \u0026 Related Posts \u2013 Shareaholic",
"vendor": "Unknown",
"versions": [
{
"lessThan": "9.7.6",
"status": "affected",
"version": "9.7.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon James Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Professional Social Sharing Buttons, Icons \u0026 Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v \u003c 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T12:45:37",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Shareaholic \u003c 9.7.6 - Information Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0594",
"STATE": "PUBLIC",
"TITLE": "Shareaholic \u003c 9.7.6 - Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Professional Social Sharing Buttons, Icons \u0026 Related Posts \u2013 Shareaholic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.7.6",
"version_value": "9.7.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon James Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Professional Social Sharing Buttons, Icons \u0026 Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v \u003c 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0594",
"datePublished": "2022-07-25T12:45:37",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9311 (GCVE-0-2014-9311)
Vulnerability from cvelistv5 – Published: 2015-04-14 14:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.szurek.pl/shareaholic-7603-xss.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/shareaholic/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-14T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.szurek.pl/shareaholic-7603-xss.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/shareaholic/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.szurek.pl/shareaholic-7603-xss.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/shareaholic-7603-xss.html"
},
{
"name": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131321/WordPress-Shareaholic-7.6.0.3-Cross-Site-Scripting.html"
},
{
"name": "https://wordpress.org/plugins/shareaholic/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/shareaholic/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9311",
"datePublished": "2015-04-14T14:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}