Description

WordPress Plugin Really Simple Share is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Really Simple Share version 2.9.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.10.5 or latest

References

http://secunia.com/advisories/54707/

http://www.securityfocus.com/bid/62268/

Related Vulnerabilities

Drupal Core 8.8.x Multiple Cross-Site Scripting Vulnerabilities (8.8.0 - 8.8.9)

WordPress Plugin Let Them Unsubscribe Multiple Unspecified Vulnerabilities (1.0)

WordPress Plugin Social Media Widget by Acurax Multiple Unspecified Vulnerabilities (3.2.3)

WordPress Plugin WP Job Manager PHP Object Injection (1.29.2)

WordPress Plugin MyBlogU Cross-Site Scripting (0.0.7)

Severity

High

Classification

CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update CSRF