Vulnerabilities and security researches forshared-counts shared-counts

Jun 07, 2024

CVE, Research URL: 06a7a225d79b3baf3dc9877f6353b722447d3baa
Home page URL: Security reports for Shared Counts – Social Media Share Buttons
Application: Shared Counts – Social Media Share Buttons
Date: May 07, 2024
Research Description: Shared Counts – Social Media Share Buttons [shared-counts] < 1.5.0 Shared Counts – Social Media Share Buttons <= 1.4.1 - Missing Authorization to Arbitrary Email Sending The Shared Counts – Social Media Share Buttons plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the email_ajax function. This makes it possible for unauthenticated attackers to send arbitrary emails.
Affected versions: Min -, max -.
Status: vulnerable