Description
WordPress Plugin AddToAny Share Buttons is prone to a host header injection vulnerability because it fails to properly validate an HTTP request header. A successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain. WordPress Plugin AddToAny Share Buttons version 1.7.14 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.15 or latest
References
Related Vulnerabilities
WordPress Plugin Theme Blvd Shortcodes Multiple Security Bypass Vulnerabilities (1.5.2)
WordPress Plugin WP Upload Restriction Multiple Vulnerabilities (2.2.3)
WordPress Plugin Meteor Slides Cross-Site Scripting (1.5.6)
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)