Description
: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Social Media & Share Icons: from n/a through 2.8.6.
Published: 2026-06-17
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows attackers to exploit incorrectly configured access control security levels. This broken access control means that unauthorized users could gain access to plugin management features or other privileged functions normally restricted to authenticated administrators. The weakness is identified as CWE-862, indicating a lack of proper access control enforcement.

Affected Systems

The affected product is the Inisev Social Media & Share Icons WordPress plugin, version 2.8.6 and any earlier release. The plugin can be installed on any WordPress website that has not been updated to 2.8.7 or later. The vendor is Inisev.

Risk and Exploitability

The CVSS score of 4.3 denotes moderate severity. No EPSS data is available, and the vulnerability has not been listed in the CISA KEV catalog. Based on the description, the most likely attack vector is through the web application, where an unauthenticated or low‑privileged user can request plugin URLs or endpoints that should be protected. If the attacker can access these endpoints, they may modify plugin settings, inject content, or otherwise perform actions intended to be restricted to administrators. The absence of an immediately available exploit and the moderate CVSS score suggest a moderate risk, but any site that relies on the plugin without patching remains vulnerable.

Generated by OpenCVE AI on June 18, 2026 at 13:58 UTC.

Remediation

Vendor Solution

Update the WordPress Social Media & Share Icons plugin to the latest available version (at least 2.8.7).


OpenCVE Recommended Actions

  • Update the WordPress Social Media & Share Icons plugin to version 2.8.7 or later.
  • If an immediate update cannot be applied, temporarily disable the plugin or restrict its access to trusted administrators only by configuring role permissions.
  • Monitor access logs and plugin configuration changes for unauthorized activity, and consider implementing a web application firewall rule that blocks requests to the plugin's administration endpoints.

Generated by OpenCVE AI on June 18, 2026 at 13:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Inisev
Inisev social Media & Share Icons
Wordpress
Wordpress wordpress
Vendors & Products Inisev
Inisev social Media & Share Icons
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description : Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6.
Title WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Subscriptions

Inisev Social Media & Share Icons
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T12:45:38.989Z

Reserved: 2024-04-03T12:24:48.840Z

Link: CVE-2024-31435

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:03:31Z

Weaknesses