Vulnerabilities (CVE)

Filtered by vendor Multidots Subscribe
Filtered by product Add Social Share Messenger Buttons Whatsapp And Viber
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11632 1 Multidots 1 Add Social Share Messenger Buttons Whatsapp And Viber 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.