CVE-2024-4997 MEDIUM

CVE-2024-4997: WPUpper Share Buttons <= 3.43 - Missing Authorization

Vendor Victorfreitas
Product WPUpper Share Buttons
Weakness CWE-862 · Missing authorization
Published June 4, 2024
Last update April 8, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages.

Explanation of Vulnerability in Simple Terms

02Summary

WPUpper Share Buttons versions 3.43 and earlier lack proper authorization checks, allowing unauthenticated attackers to access sensitive functionality over the network. The vulnerability exposes limited confidential information without requiring user interaction or special conditions. Site administrators should update to a version newer than 3.43 to mitigate this exposure.

What an attacker can do

03Attacker Capabilities

Read limited sensitive data from the plugin without authentication.

Potential impact on your site

04Site Impact

Unauthenticated visitors can access restricted plugin features and view non-public information.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

June 4, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

08Related CVE