cleantalk
Vulnerabilities and Security Researches

Simple Share Buttons Adder, CVE-2014-4717

CVE, Research URL

CVE-2014-4717

Home page URL

Security reports for Simple Share Buttons Adder

Application

Simple Share Buttons Adder

Published on
Jul 03, 2014
Research Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Affected versions
max 4.5.
Status
vulnerable
Previous vulnerability researches
Simple Share Buttons Adder , Jun 06, 2024
Simple Share Buttons Adder (CVE-2015-9303) , Jun 07, 2024
Simple Share Buttons Adder (CVE-2014-4717) , Jun 07, 2024
Simple Share Buttons Adder (CVE-2024-0621) , Jun 07, 2024
Simple Share Buttons Adder (CVE-2022-47178) , Jun 07, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026