Impact
The vulnerability is a missing authorization flaw in the WordPress Shareaholic plugin, allowing an attacker to exploit incorrectly configured access control security levels. This flaw can enable unauthorized users to access administrative functions or data that should be protected, potentially leading to data exposure, modification, or deletion. The weakness is categorized as CWE-862, a broken access control issue.
Affected Systems
Vendors: Shareaholic. Product: Shareaholic plugin for WordPress. Affected versions: all releases from the initial release through version 9.7.11.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, but the lack of a publicly provided EPSS score and absence from the CISA KEV catalog suggest a limited risk of widespread exploitation at this time. The vulnerability likely requires the attacker to interact with the plugin via the WordPress web interface or target a vulnerable endpoint; however, specific attack steps are not detailed in the advisory, so the exact attack vector is inferred rather than explicitly documented.
OpenCVE Enrichment