CVE-2022-33960

State: PUBLISHED · Published: 2022-07-22 · Updated: 2025-02-20 · Assigner: Patchstack

Description

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Supsystic / Social Share Buttons by Supsystic (WordPress plugin) — v=<= 2.2.3 ≤2.2.3 [affected]

CVSS

3.1 score=8.5 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

References

https://wordpress.org/plugins/social-share-buttons-by-supsystic/#developers x_refsource_CONFIRM
https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities x_refsource_CONFIRM

Source

cvelistV5-main/cves/2022/33xxx/CVE-2022-33960.json