What the vulnerability does
01Description
Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through 9.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through 9.4.
Explanation of Vulnerability in Simple Terms
Easy Social Share Buttons versions 9.4 and earlier lack proper authorization checks, allowing authenticated users with low privileges to read, modify, or delete data they should not access. An attacker with a basic user account can exploit this to view sensitive information, alter site content, or disrupt availability. Update to a version newer than 9.4 to remediate.
What an attacker can do
Read, modify, or delete data without proper authorization as a low-privilege authenticated user.
Potential impact on your site
Unauthorized users can access, change, or remove sensitive data and site content.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities