Platform: wordpress
Component: sosh-share-buttons
Fixed in: 1.1.1
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Sosh Share Buttons plugin for WordPress. This flaw allows unauthenticated attackers to manipulate plugin settings by tricking an administrator into performing actions via a forged request. The vulnerability affects versions 0.0 through 1.1.0 and requires an administrator to be targeted. A fix is available in a subsequent version (not specified in the provided data).
Successful exploitation of this CSRF vulnerability could allow an attacker to modify the Sosh Share Buttons plugin's configuration without authentication. This could lead to various consequences depending on the plugin's functionality. For example, an attacker might alter the sharing destinations, redirect users to malicious sites, or inject unwanted code. The impact is amplified if the plugin is heavily used or integrated with other critical site components. While the vulnerability requires administrator interaction, social engineering tactics like phishing emails or malicious links can be employed to achieve this.
This vulnerability is currently not listed on CISA KEV. Public proof-of-concept exploits are not widely available, suggesting a lower probability of immediate widespread exploitation. The vulnerability was publicly disclosed on 2026-01-14. Monitor security advisories and plugin updates for further information.
WordPress websites using the Sosh Share Buttons plugin, particularly those with shared hosting environments or where administrators are susceptible to phishing attacks, are at risk. Sites with outdated plugin versions are especially vulnerable.
• wordpress / composer / npm:
grep -r 'admin_page_content' /var/www/html/wp-content/plugins/sosh-share-buttons/
• wordpress / composer / npm:
wp plugin list | grep 'sosh-share-buttons'
• wordpress / composer / npm:
wp plugin update sosh-share-buttons --all
disclosure
Exploit status
EPSS
0.01% (1% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-15377 is to upgrade the Sosh Share Buttons plugin to a version that includes the necessary nonce validation. Since a fixed version is not specified, contact the plugin developer for an updated release. As a temporary workaround, implement a Web Application Firewall (WAF) rule to filter out suspicious requests targeting the 'admin_page_content' function. Regularly review plugin settings for any unauthorized changes. Consider disabling the plugin if immediate upgrade is not possible.
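What the nonce validation mentioned above looks like in a WordPress settings callback, as an added example: this is not the plugin's own code, which this page does not show. The function name, option name, nonce action and field names, and the list of networks are hypothetical.

```php
<?php
// Added example: hypothetical settings page callback, not the plugin's code.
// All example_* names and the network list are assumptions for illustration.

const EXAMPLE_NONCE_ACTION = 'example_share_save_settings';
const EXAMPLE_NONCE_FIELD  = 'example_share_nonce';
const EXAMPLE_OPTION       = 'example_share_options';

function example_admin_page_content() {
    // Only users allowed to manage site options may view or change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    $allowed = array( 'facebook', 'linkedin', 'mastodon' );

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // CSRF defence. A handler without this call accepts any POST that
        // arrives with the administrator's session cookie, whichever page
        // submitted it. check_admin_referer() stops the request unless the
        // nonce field is present and valid for this user and action.
        check_admin_referer( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD );

        $raw = isset( $_POST['networks'] )
            ? (array) wp_unslash( $_POST['networks'] )
            : array();

        // Store only values from the allow-list, never raw request data.
        $clean = array_values(
            array_intersect( $allowed, array_map( 'sanitize_key', $raw ) )
        );
        update_option( EXAMPLE_OPTION, array( 'networks' => $clean ) );
        echo '<div class="notice notice-success"><p>Settings saved.</p></div>';
    }

    $saved = get_option( EXAMPLE_OPTION, array( 'networks' => array() ) );
    ?>
    <form method="post">
        <?php // Emits the hidden nonce field that the POST branch verifies. ?>
        <?php wp_nonce_field( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD ); ?>
        <?php foreach ( $allowed as $network ) : ?>
            <label><input type="checkbox" name="networks[]"
                value="<?php echo esc_attr( $network ); ?>"
                <?php checked( in_array( $network, $saved['networks'], true ) ); ?>>
                <?php echo esc_html( $network ); ?></label>
        <?php endforeach; ?>
        <?php submit_button(); ?>
    </form>
    <?php
}
```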
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-15377 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Sosh Share Buttons plugin for WordPress versions 0.0 through 1.1.0, allowing attackers to modify plugin settings.
You are affected if your WordPress site uses the Sosh Share Buttons plugin in versions 0.0 to 1.1.0. Upgrade to a patched version to eliminate the risk.
Upgrade the Sosh Share Buttons plugin to a version that includes nonce validation. Contact the plugin developer for an updated release. Implement a WAF rule as a temporary workaround.
There is no widespread evidence of active exploitation at this time, but the vulnerability remains a potential risk.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and updated version.