Vulnerability Description
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ultimatelysocial | Social Media Share Buttons \& Social Sharing Icons | < 2.8.6 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-iconsPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8aPatchThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-iconsPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8aPatchThird Party Advisory
FAQ
What is CVE-2023-5070?
CVE-2023-5070 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. Th...
How severe is CVE-2023-5070?
CVE-2023-5070 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5070?
Check the references section above for vendor advisories and patch information. Affected products include: Ultimatelysocial Social Media Share Buttons \& Social Sharing Icons.