Security Advisory

CVE-2018-11632

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-05-31 20:00:00

Last updated 2024-09-16 16:53:32

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. Theres no nonce or capability check in the whatsapp_share_setting_add_update() function.

← Browse all CVEs View on cve.org ↗