cleantalk
Vulnerabilities and Security Researches

Social Sharing Plugin – Kiwi, CVE-2021-4362

CVE, Research URL

CVE-2021-4362

Home page URL

Security reports for Social Sharing Plugin – Kiwi

Application

Social Sharing Plugin – Kiwi

Published on
Jun 07, 2023
Research Description
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.
Affected versions
Min -, max 2.1.3.
Status
vulnerable
Previous vulnerability researches
Social Sharing Plugin – Kiwi (e31cb8d2fef02dc018ce1f8277f44aa4e54ea489) , Jun 07, 2024
Social Sharing Plugin – Kiwi (CVE-2021-4362) , Jun 07, 2024
Social Sharing Plugin – Kiwi (CVE-2025-58790) , Sep 07, 2025
Social Sharing Plugin – Kiwi (CVE-2024-3228) , Jul 10, 2024
New vulnerability
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025
PagSeguro / PagBank Connect (CVE-2025-10142) , Sep 11, 2025
Duplicate Page and Post (CVE-2025-6189) , Sep 11, 2025
Advanced Settings (CVE-2025-58975) , Sep 10, 2025