cleantalk
Vulnerabilities and Security Researches

Add Google +1 (Plus one) social share Button, CVE-2025-3866

CVE, Research URL

CVE-2025-3866

Home page URL

Security reports for Add Google +1 (Plus one) social share Button

Application

Add Google +1 (Plus one) social share Button

Published on
Apr 25, 2025
Research Description
The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the google-plus-one-share-button page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 1.0.0.
Status
vulnerable
Previous vulnerability researches
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2023-45640) , Jun 07, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2024-9649) , Oct 17, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2018-1000508) , Jun 07, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2018-1000511) , Jun 07, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2022-45842) , Jun 07, 2024
New vulnerability
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025
Integração entre Eduzz e Woocommerce (CVE-2025-3906) , Apr 27, 2025
Xelion Webchat (CVE-2025-3058) , Apr 27, 2025
Breeze Display (CVE-2025-3749) , Apr 27, 2025
Add Google +1 (Plus one) social share Button (CVE-2025-3866) , Apr 27, 2025