Refine your search

3 vulnerabilities found for Social Share Icons & Social Share Buttons by inisev

CVE-2023-38514 (GCVE-0-2023-38514)
Vulnerability from cvelistv5
Published
2024-12-13 14:23
Modified
2026-04-28 16:08
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
Summary
Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7.
References
Impacted products
Vendor Product Version
social share pro Social Share Icons & Social Share Buttons Version: n/a   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-13T18:23:59.538399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-13T18:24:22.032Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "ultimate-social-media-plus",
          "product": "Social Share Icons \u0026 Social Share Buttons",
          "vendor": "social share pro",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.5.8",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.5.7",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Istv\u00e1n M\u00e1rton (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMissing Authorization vulnerability in social share pro Social Share Icons \u0026 Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Social Share Icons \u0026 Social Share Buttons: from n/a through 3.5.7.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in social share pro Social Share Icons \u0026 Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons \u0026 Social Share Buttons: from n/a through 3.5.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:08:34.275Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/ultimate-social-media-plus/vulnerability/wordpress-social-share-icons-social-share-buttons-plugin-3-5-7-broken-access-control?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No patched version is available."
            }
          ],
          "value": "No patched version is available."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Social Share Icons \u0026 Social Share Buttons plugin \u003c= 3.5.7 - Broken Access Control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-38514",
    "datePublished": "2024-12-13T14:23:57.758Z",
    "dateReserved": "2023-07-18T17:33:34.154Z",
    "dateUpdated": "2026-04-28T16:08:34.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-0958 (GCVE-0-2023-0958)
Vulnerability from cvelistv5
Published
2023-07-28 04:37
Modified
2026-04-08 17:24
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
Summary
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115
https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php
Impacted products
Vendor Product Version
inisev Redirection Version: 0    1.1.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:32:46.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T20:01:32.204824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T20:03:50.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Redirection",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.1.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pop-up",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "BackupBliss \u2013 Backup \u0026 Migration with Free Cloud Storage",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.2.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Duplicate Post",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.3.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Enhanced Text Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "1.5.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultimate Posts Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "2.2.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Clone",
          "vendor": "migrate",
          "versions": [
            {
              "lessThanOrEqual": "2.3.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Media Share Buttons \u0026 Social Sharing Icons",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "2.8.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SSL Mixed Content Fix",
          "vendor": "steve85b",
          "versions": [
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Share Icons \u0026 Social Share Buttons",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "3.5.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RSS Redirect \u0026 Feedburner Alternative",
          "vendor": "s-feeds",
          "versions": [
            {
              "lessThanOrEqual": "3.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chloe Chamberland"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:24:39.864Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-07-27T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-0958",
    "datePublished": "2023-07-28T04:37:03.650Z",
    "dateReserved": "2023-02-22T16:05:20.057Z",
    "dateUpdated": "2026-04-08T17:24:39.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3977 (GCVE-0-2023-3977)
Vulnerability from cvelistv5
Published
2023-07-28 04:37
Modified
2026-04-08 17:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve
https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343
https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8&old=2923021&new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9&new=2923021&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434
https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351
https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432
https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823769%40http-https-remover%2Ftags%2F3.2.3&new=2944114%40http-https-remover%2Ftags%2F3.2.4
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7&new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115
https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720&old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php
Impacted products
Vendor Product Version
inisev Redirection Version: 0    1.1.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T18:29:00.403777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T19:38:18.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Redirection",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.1.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pop-up",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "BackupBliss \u2013 Backup \u0026 Migration with Free Cloud Storage",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.2.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Duplicate Post",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "1.3.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Enhanced Text Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "1.5.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultimate Posts Widget",
          "vendor": "cl272",
          "versions": [
            {
              "lessThanOrEqual": "2.2.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Clone",
          "vendor": "migrate",
          "versions": [
            {
              "lessThanOrEqual": "2.3.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Media Share Buttons \u0026 Social Sharing Icons",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "2.8.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SSL Mixed Content Fix",
          "vendor": "steve85b",
          "versions": [
            {
              "lessThanOrEqual": "3.2.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Social Share Icons \u0026 Social Share Buttons",
          "vendor": "inisev",
          "versions": [
            {
              "lessThanOrEqual": "3.5.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RSS Redirect \u0026 Feedburner Alternative",
          "vendor": "s-feeds",
          "versions": [
            {
              "lessThanOrEqual": "3.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chloe Chamberland"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:14:37.640Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.6/banner/misc.php#L339"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.7/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/redirect-redirection/tags/1.1.3/includes/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.4/banner/misc.php#L343"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/http-https-remover/tags/3.2.3/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.1.9/modules/banner/misc.php#L427"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcopy-delete-posts%2Ftags%2F1.3.8\u0026old=2923021\u0026new_path=%2Fcopy-delete-posts%2Ftags%2F1.3.9\u0026new=2923021\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.2/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.4.0/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.8/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/enhanced-text-widget/tags/1.5.7/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.2.8/includes/banner/misc.php#L434"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-posts-widget/tags/2.2.5/banner/misc.php#L351"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/pop-up-pop-up/tags/1.2.0/modules/banner/misc.php#L432"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ultimate-social-media-plus/tags/3.5.7/banner/misc.php#L424"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823769%40http-https-remover%2Ftags%2F3.2.3\u0026new=2944114%40http-https-remover%2Ftags%2F3.2.4"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2823770%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.7\u0026new=2944116%40feedburner-alternative-and-rss-redirect%2Ftags%2F3.8#file115"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/2944041/ultimate-social-media-plus/tags/3.5.8/banner/misc.php?old=2823720\u0026old_path=ultimate-social-media-plus%2Ftags%2F3.5.7%2Fbanner%2Fmisc.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-02-22T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-07-27T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-3977",
    "datePublished": "2023-07-28T04:37:03.018Z",
    "dateReserved": "2023-07-27T16:08:30.895Z",
    "dateUpdated": "2026-04-08T17:14:37.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}