CVE-2018-11632

N/A

An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.

N/A

N/A

WordPress MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber插件跨站请求伪造漏洞

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin是使用在其中的一个用于在页面中添加社交分享按钮的插件。 WordPress MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber插件1.0.8版本中存在跨

N/A

N/A