Description
WordPress Plugin Social Media Widget by Acurax is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Social Media Widget by Acurax version 3.2.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.6 or latest
References
http://pvagenas.com/vulnerabilities/social-media-widget-acurax-csrf/
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2001-0334)
SharePoint CVE-2021-1717 Vulnerability (CVE-2021-1717)
WordPress Plugin Media Library Assistant SQL Injection (3.05)
WordPress Plugin NextGEN Gallery-WordPress Gallery 'nggallery-manage-gallery' HTML Injection (0.96)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.19)