WordPress Sassy Social Share plugin <= 3.3.23 - Missing Authorization Controls to PHP Object Injection vulnerability

sassy-social-share

Software: Sassy Social Share
Vulnerable Versions: <= 3.3.23
Fixed in version: 3.3.24
Classification: PHP Object Injection
OWASP Top 10: A8: Insecure Deserialization
Disclosure Date: 2021-10-20
CVSS 3.0 score: 6.3 (Medium)

Exploitable by an authenticated user with the subscriber role or higher.

Details

A Missing Authorization Controls to PHP Object Injection vulnerability was discovered by Chloe Chamberland (Wordfence) in the WordPress Sassy Social Share plugin (versions <= 3.3.23).

Solution

Update the WordPress Sassy Social Share plugin to the latest available version (at least 3.3.24).
