Platform: wordpress
Component: sosh-share-buttons
Fixed in: 1.1.1
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Sosh Share Buttons plugin for WordPress. The flaw allows an unauthenticated attacker to change plugin settings by tricking a logged-in administrator into submitting a forged request. The vulnerability affects versions 0.0 through 1.1.0 and requires an administrator to be targeted. A fix is available in a subsequent version (not specified in the provided data).
Successful exploitation of this CSRF vulnerability could allow an attacker to modify the Sosh Share Buttons plugin's configuration without authenticating themselves, since the forged request is carried by the administrator's own session. The consequences depend on what the plugin's settings control: an attacker might alter the sharing destinations, redirect users to malicious sites, or inject unwanted code. The impact is amplified if the plugin is heavily used or integrated with other critical site components. Although the vulnerability requires administrator interaction, social engineering such as phishing e-mails or malicious links can be used to obtain it.
This vulnerability is currently not listed on CISA KEV. Public proof-of-concept exploits are not widely available, suggesting a lower probability of immediate widespread exploitation. The vulnerability was publicly disclosed on 2026-01-14. Monitor security advisories and plugin updates for further information.
Exploit Status
EPSS: 0.01% (1st percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-15377 is to upgrade the Sosh Share Buttons plugin to a version that includes the necessary nonce validation. Since a fixed version is not specified, contact the plugin developer for an updated release. As a temporary workaround, implement a Web Application Firewall (WAF) rule that filters suspicious requests targeting the 'adminpagecontent' function. Review the plugin's settings regularly for unauthorized changes, and consider disabling the plugin if an immediate upgrade is not possible.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
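The advisory describes the fix as "nonce validation", which is the standard WordPress defence against CSRF on settings handlers: the form embeds a per-user, per-action token and the handler refuses any submission that does not carry it. The following is an added illustration, not code from the Sosh Share Buttons plugin, the advisory, or the vendor's fix; the plugin slug, option name, hook names, field names and the list of networks are all assumptions chosen for the example. It places the vulnerable pattern (a handler that applies whatever POST reaches it) beside the hardened form (nonce check, capability check, allow-listed input), so a reviewer can recognise which of the two shapes a settings handler has.

```php
<?php
/**
 * Added example for CVE-2025-15377's vulnerability class (CSRF on a plugin
 * settings handler). Not the plugin's code: every identifier prefixed with
 * "example_" and the option/field names are assumptions made for this block.
 */

// --- Vulnerable pattern (shown for comparison, deliberately not hooked).
// Nothing proves the request came from a form this administrator rendered on
// this site, and nothing checks that the caller may change options at all.
function example_sosh_save_settings_vulnerable() {
    $networks = isset( $_POST['sosh_networks'] ) ? (array) $_POST['sosh_networks'] : array();
    update_option( 'example_sosh_networks', $networks );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-sosh' ) );
    exit;
}

// --- Hardened pattern: nonce first, then capability, then sanitised input.
function example_sosh_save_settings_hardened() {
    // 1. Nonce: ties the request to a form rendered for this user and action.
    //    check_admin_referer() stops with a 403 via wp_die() when the nonce is
    //    missing, expired, or was issued for another action or user.
    check_admin_referer( 'example_sosh_save_settings', 'example_sosh_nonce' );

    // 2. Capability: a valid nonce proves intent, not authorisation.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to change these settings.', 'example-sosh' ),
            '',
            array( 'response' => 403 )
        );
    }

    // 3. Allow-list the stored value instead of persisting arbitrary input.
    $allowed = array( 'facebook', 'x', 'linkedin', 'email' ); // assumed network list
    $raw     = isset( $_POST['sosh_networks'] ) ? (array) wp_unslash( $_POST['sosh_networks'] ) : array();
    $clean   = array_values( array_intersect( array_map( 'sanitize_key', $raw ), $allowed ) );

    update_option( 'example_sosh_networks', $clean );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=example-sosh' ) ) );
    exit;
}
add_action( 'admin_post_example_sosh_save_settings', 'example_sosh_save_settings_hardened' );

// The settings form must emit the matching nonce field; without it the hardened
// handler rejects legitimate submissions too, which is the behaviour you want.
function example_sosh_render_settings_form() {
    $saved = (array) get_option( 'example_sosh_networks', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_sosh_save_settings">
        <?php wp_nonce_field( 'example_sosh_save_settings', 'example_sosh_nonce' ); ?>
        <?php foreach ( array( 'facebook', 'x', 'linkedin', 'email' ) as $network ) : ?>
            <label>
                <input type="checkbox" name="sosh_networks[]" value="<?php echo esc_attr( $network ); ?>"
                    <?php checked( in_array( $network, $saved, true ) ); ?>>
                <?php echo esc_html( $network ); ?>
            </label><br>
        <?php endforeach; ?>
        <?php submit_button( __( 'Save sharing networks', 'example-sosh' ) ); ?>
    </form>
    <?php
}
```

When auditing an installed version, the question to ask of the real handler is whether a call equivalent to `check_admin_referer()` or `wp_verify_nonce()` sits before the first `update_option()`, and whether a capability check accompanies it; the nonce alone does not establish that the user is an administrator, and the capability check alone does nothing against CSRF, so both are needed.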
CVE-2025-15377 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Sosh Share Buttons plugin for WordPress versions 0.0 through 1.1.0, allowing attackers to modify plugin settings.
You are affected if your WordPress site uses the Sosh Share Buttons plugin in versions 0.0 to 1.1.0. Upgrade to a patched version to eliminate the risk.
Upgrade the Sosh Share Buttons plugin to a version that includes nonce validation. Contact the plugin developer for an updated release. Implement a WAF rule as a temporary workaround.
There is no widespread evidence of active exploitation at this time, but the vulnerability remains a potential risk.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and updated version.