Description

WordPress Plugin Share Buttons by AddThis is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer.

Remediation

Install version 2.2.0 downloaded after June 21st, 2011 or latest

References

http://wordpress.org/news/2011/06/passwords-reset/

http://secunia.com/advisories/45027/

Related Vulnerabilities

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10378)

Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4077)

Java Unspesificed Vulnerability (CVE-2019-2816)

WordPress Plugin Statistics Remote Code Execution (1.8)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.26)

Severity

High

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update