Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for social_share_buttons by supsystic

    CVE-2024-47330 (GCVE-0-2024-47330)

    Vulnerability from nvd – Published: 2024-09-26 02:38 – Updated: 2026-04-28 16:10
    VLAI
    Title
    Broken Access Control vulnerability on multiple WordPress plugins by Supsystic
    Summary
    Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Abdi Pranata (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:54:28.481734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T14:54:38.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "slider-by-supsystic",
              "product": "Slider by Supsystic",
              "vendor": "Supsystic",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.8.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.8.6",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "social-share-buttons-by-supsystic",
              "product": "Social Share Buttons by Supsystic",
              "vendor": "Supsystic",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.9",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Abdi Pranata (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.\u003cp\u003eThis issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:18.923Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-6-broken-access-control-vulnerability?_s_id=cve"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-9-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Slider by Supsystic to 1.8.7 or a higher version."
                }
              ],
              "value": "Update Slider by Supsystic to 1.8.7 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broken Access Control vulnerability on multiple WordPress plugins by Supsystic",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-47330",
        "datePublished": "2024-09-26T02:38:03.935Z",
        "dateReserved": "2024-09-24T13:00:47.393Z",
        "dateUpdated": "2026-04-28T16:10:18.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-33960 (GCVE-0-2022-33960)

    Vulnerability from nvd – Published: 2022-07-22 16:40 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
    Summary
    Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-06-09 00:00
    Credits
    Vulnerability discovered by m0ze (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:16:15.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-33960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:28:12.308349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:16:20.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic (WordPress plugin)",
              "vendor": "Supsystic",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.3",
                  "status": "affected",
                  "version": "\u003c= 2.2.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by m0ze (Patchstack)"
            }
          ],
          "datePublic": "2022-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:43.955Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.4 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-06-09T08:34:00.000Z",
              "ID": "CVE-2022-33960",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.2.3",
                                "version_value": "2.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Supsystic"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by m0ze (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.4 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-33960",
        "datePublished": "2022-07-22T16:40:37.518Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:43.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-27235 (GCVE-0-2022-27235)

    Vulnerability from nvd – Published: 2022-07-22 16:43 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities
    Summary
    Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Date Public
    2022-06-09 00:00
    Credits
    Vulnerability discovered by m0ze (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:32.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:28:09.571481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:16:12.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic (WordPress plugin)",
              "vendor": "Supsystic",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.3",
                  "status": "affected",
                  "version": "\u003c= 2.2.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by m0ze (Patchstack)"
            }
          ],
          "datePublic": "2022-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:39.374Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.4 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Broken Access Control vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-06-09T08:45:00.000Z",
              "ID": "CVE-2022-27235",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Broken Access Control vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.2.3",
                                "version_value": "2.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Supsystic"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by m0ze (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.4 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-27235",
        "datePublished": "2022-07-22T16:43:11.114Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:39.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1653 (GCVE-0-2022-1653)

    Vulnerability from nvd – Published: 2022-06-27 08:57 – Updated: 2024-08-03 00:10
    VLAI
    Title
    Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
    Summary
    The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Social Share Buttons by Supsystic Affected: 2.2.4 , < 2.2.4 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.2.4",
                  "status": "affected",
                  "version": "2.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it\u0027s ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T08:57:22.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Social Share Buttons by Supsystic \u003c 2.2.4 - Multiple CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1653",
              "STATE": "PUBLIC",
              "TITLE": "Social Share Buttons by Supsystic \u003c 2.2.4 - Multiple CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.2.4",
                                "version_value": "2.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it\u0027s ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1653",
        "datePublished": "2022-06-27T08:57:22.000Z",
        "dateReserved": "2022-05-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36890 (GCVE-0-2021-36890)

    Vulnerability from nvd – Published: 2022-05-31 19:30 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Date Public
    2022-05-27 00:00
    Credits
    Vulnerability discovered by Rasi Afeef (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:01:59.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36890",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:29:27.107585Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:20:20.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic (WordPress plugin)",
              "vendor": "supsystic.com",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2",
                  "status": "affected",
                  "version": "\u003c= 2.2.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin \u003c= 2.2.2 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:36.295Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Deactivate and delete. No reply from the vendor. Plugin closed, closure is temporary, pending a full review."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-05-27T13:59:00.000Z",
              "ID": "CVE-2021-36890",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.2.2",
                                "version_value": "2.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "supsystic.com"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin \u003c= 2.2.2 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Deactivate and delete. No reply from the vendor. Plugin closed, closure is temporary, pending a full review."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2021-36890",
        "datePublished": "2022-05-31T19:30:51.204Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:36.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-47330 (GCVE-0-2024-47330)

    Vulnerability from cvelistv5 – Published: 2024-09-26 02:38 – Updated: 2026-04-28 16:10
    VLAI
    Title
    Broken Access Control vulnerability on multiple WordPress plugins by Supsystic
    Summary
    Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Abdi Pranata (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:54:28.481734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T14:54:38.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "slider-by-supsystic",
              "product": "Slider by Supsystic",
              "vendor": "Supsystic",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.8.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.8.6",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "social-share-buttons-by-supsystic",
              "product": "Social Share Buttons by Supsystic",
              "vendor": "Supsystic",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.9",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Abdi Pranata (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.\u003cp\u003eThis issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:18.923Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-6-broken-access-control-vulnerability?_s_id=cve"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-9-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Slider by Supsystic to 1.8.7 or a higher version."
                }
              ],
              "value": "Update Slider by Supsystic to 1.8.7 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Broken Access Control vulnerability on multiple WordPress plugins by Supsystic",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-47330",
        "datePublished": "2024-09-26T02:38:03.935Z",
        "dateReserved": "2024-09-24T13:00:47.393Z",
        "dateUpdated": "2026-04-28T16:10:18.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-27235 (GCVE-0-2022-27235)

    Vulnerability from cvelistv5 – Published: 2022-07-22 16:43 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities
    Summary
    Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Date Public
    2022-06-09 00:00
    Credits
    Vulnerability discovered by m0ze (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:32.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:28:09.571481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:16:12.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic (WordPress plugin)",
              "vendor": "Supsystic",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.3",
                  "status": "affected",
                  "version": "\u003c= 2.2.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by m0ze (Patchstack)"
            }
          ],
          "datePublic": "2022-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:39.374Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.4 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Broken Access Control vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-06-09T08:45:00.000Z",
              "ID": "CVE-2022-27235",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Broken Access Control vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.2.3",
                                "version_value": "2.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Supsystic"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by m0ze (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.4 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-27235",
        "datePublished": "2022-07-22T16:43:11.114Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:39.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-33960 (GCVE-0-2022-33960)

    Vulnerability from cvelistv5 – Published: 2022-07-22 16:40 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
    Summary
    Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-06-09 00:00
    Credits
    Vulnerability discovered by m0ze (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:16:15.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-33960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:28:12.308349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:16:20.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic (WordPress plugin)",
              "vendor": "Supsystic",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.3",
                  "status": "affected",
                  "version": "\u003c= 2.2.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by m0ze (Patchstack)"
            }
          ],
          "datePublic": "2022-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:43.955Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.2.4 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-06-09T08:34:00.000Z",
              "ID": "CVE-2022-33960",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.2.3",
                                "version_value": "2.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Supsystic"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by m0ze (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin \u003c= 2.2.3 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.2.4 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-33960",
        "datePublished": "2022-07-22T16:40:37.518Z",
        "dateReserved": "2022-06-30T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:43.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1653 (GCVE-0-2022-1653)

    Vulnerability from cvelistv5 – Published: 2022-06-27 08:57 – Updated: 2024-08-03 00:10
    VLAI
    Title
    Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
    Summary
    The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Social Share Buttons by Supsystic Affected: 2.2.4 , < 2.2.4 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.2.4",
                  "status": "affected",
                  "version": "2.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it\u0027s ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T08:57:22.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Social Share Buttons by Supsystic \u003c 2.2.4 - Multiple CSRF",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1653",
              "STATE": "PUBLIC",
              "TITLE": "Social Share Buttons by Supsystic \u003c 2.2.4 - Multiple CSRF"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.2.4",
                                "version_value": "2.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it\u0027s ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1653",
        "datePublished": "2022-06-27T08:57:22.000Z",
        "dateReserved": "2022-05-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:10:03.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36890 (GCVE-0-2021-36890)

    Vulnerability from cvelistv5 – Published: 2022-05-31 19:30 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Date Public
    2022-05-27 00:00
    Credits
    Vulnerability discovered by Rasi Afeef (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:01:59.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36890",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:29:27.107585Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:20:20.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Share Buttons by Supsystic (WordPress plugin)",
              "vendor": "supsystic.com",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2",
                  "status": "affected",
                  "version": "\u003c= 2.2.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin \u003c= 2.2.2 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:36.295Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Deactivate and delete. No reply from the vendor. Plugin closed, closure is temporary, pending a full review."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-05-27T13:59:00.000Z",
              "ID": "CVE-2021-36890",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Social Share Buttons by Supsystic plugin \u003c= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Share Buttons by Supsystic (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.2.2",
                                "version_value": "2.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "supsystic.com"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Rasi Afeef (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin \u003c= 2.2.2 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/social-share-buttons-by-supsystic/"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Deactivate and delete. No reply from the vendor. Plugin closed, closure is temporary, pending a full review."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2021-36890",
        "datePublished": "2022-05-31T19:30:51.204Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:36.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }