WordPress Plugin Social Sharing-Kiwi Security Bypass (2.0.10) - Vulnerability Database

WordPress Plugin Social Sharing-Kiwi Security Bypass (2.0.10)

Description

WordPress Plugin Social Sharing-Kiwi is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change option values that would permit to turn on user registration. WordPress Plugin Social Sharing-Kiwi version 2.0.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.11 or latest

References

https://www.pluginvulnerabilities.com/2018/11/12/full-disclosure-of-option-update-vulnerability-in-wordpress-plugin-with-30000-installs/

https://pvagenas.com/vulnerabilities/kiwi-social-share-social-media-share-buttons-icons-privilege-escalation/

https://blog.nintechnet.com/critical-vulnerability-in-wordpress-kiwi-social-sharing-plugin-actively-exploited/

https://plugins.svn.wordpress.org/kiwi-social-share/trunk/readme.txt

Related Vulnerabilities

Severity

High

Classification

CWE-264

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N