cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forkiwi-social-share kiwi-social-share

Direction: ascending
Jun 07, 2024

Social Sharing Plugin – Kiwi # e31cb8d2fef02dc018ce1f8277f44aa4e54ea489

CVE, Research URL

e31cb8d2fef02dc018ce1f8277f44aa4e54ea489

Home page URL

Security reports for Social Sharing Plugin – Kiwi

Application

Social Sharing Plugin – Kiwi

Date
Jun 04, 2021
Research Description
Social Sharing Plugin &#8211; Kiwi [kiwi-social-share] < 2.0.11 (closed) WordPress Kiwi Social Sharing plugin <= 2.1.0 - Unauthenticated WordPress Options Change/Read vulnerability Unauthenticated WordPress Options Change/Read vulnerability discovered by NinTechNet in WordPress Kiwi Social Sharing plugin (versions <= 2.1.0).
Affected versions
Min -, max -.
Status
vulnerable

Social Sharing Plugin &#8211; Kiwi # CVE-2021-4362

CVE, Research URL

CVE-2021-4362

Home page URL

Security reports for Social Sharing Plugin &#8211; Kiwi

Application

Social Sharing Plugin &#8211; Kiwi

Date
Jun 07, 2023
Research Description
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.
Affected versions
Min -, max -.
Status
vulnerable
Jul 10, 2024

Social Sharing Plugin &#8211; Kiwi # CVE-2024-3228

CVE, Research URL

CVE-2024-3228

Home page URL

Security reports for Social Sharing Plugin &#8211; Kiwi

Application

Social Sharing Plugin &#8211; Kiwi

Date
Jul 09, 2024
Research Description
The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.
Affected versions
Min -, max -.
Status
vulnerable
Sep 07, 2025

Social Sharing Plugin &#8211; Kiwi # CVE-2025-58790

CVE, Research URL

CVE-2025-58790

Home page URL

Security reports for Social Sharing Plugin &#8211; Kiwi

Application

Social Sharing Plugin &#8211; Kiwi

Date
Sep 05, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Kiwi allows Stored XSS. This issue affects Kiwi: from n/a through 2.1.8.
Affected versions
Min -, max -.
Status
vulnerable