Mirror of https://github.com/0xMarcio/cve.git, synced 2026-05-21 21:26:50 +02:00
882 B
CVE-2018-11632
Description
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.
POC
Reference
No PoCs from references.