QID 730596
Date Published: 2022-08-17
QID 730596: WordPress Shareaholic Plugin Information Disclosure Vulnerability
The Professional Social Sharing Buttons, Icons and Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in versions prior to 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
Affected Versions:
Shareaholic Plugin prior to version 9.7.6
QID Detection Logic (Unauthenticated) :
This QID checks for vulnerable Shareaholic plugin by sending a crafted payload to the webserver.
Successful exploitation of the vulnerability may allow Information Disclosure.
Solution
The issue has been fixed in version 9.7.6. For more information please refer to CVE-2022-0594
Vendor References
- CVE-2022-0594 -
wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
CVEs related to QID 730596
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CVE-2022-0594 |
|