Description
Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io wp-share-buttons-analytics-by-getsocial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through <= 4.5.
Published: 2025-04-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization check in the Social Share Buttons & Analytics Plugin allows an attacker to perform actions that should be restricted to privileged users, leading to unauthorized access. The flaw is a classic broken access control defect classified as CWE‑862, enabling exploitation of incorrect permission enforcement.

Affected Systems

The vulnerability affects the WordPress plugin Social Share Buttons & Analytics Plugin – GetSocial.io provided by Joao Romao. Versions from the initial release through 4.5 are impacted; any installation of the plugin prior to or equal to version 4.5 is susceptible.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, while the EPSS score of <1% shows a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves HTTP requests directed at the plugin’s administrative endpoints, exploiting the lack of proper role verification. If an attacker can reach these endpoints, they can gain unauthorized control over plugin settings or possibly higher privileges within WordPress.

Generated by OpenCVE AI on May 1, 2026 at 00:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Social Share Buttons & Analytics Plugin to the latest version (>=4.6).
  • Restrict access to the plugin’s administrative URLs to administrator roles only, for example by enabling role‑based access control within WordPress or using a firewall rule that limits requests to administrators.
  • Review the user accounts on the WordPress site and remove or downgrade any accounts holding elevated privileges they do not need, including those required to modify plugin settings.

Generated by OpenCVE AI on May 1, 2026 at 00:11 UTC.

Advisories
Source: EUVD
ID: EUVD-2025-9807
Title: Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through 4.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description (Values Removed): Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through 4.5.
Description (Values Added): Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io wp-share-buttons-analytics-by-getsocial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through <= 4.5.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Fri, 04 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through 4.5.
Title WordPress Social Share Buttons & Analytics Plugin plugin <= 4.5 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:19.663Z

Reserved: 2025-04-04T10:01:59.469Z

Link: CVE-2025-32239

Vulnrichment

Updated: 2025-04-04T18:23:50.122Z

NVD

Status: Deferred

Published: 2025-04-04T16:15:33.383

Modified: 2026-04-23T15:28:48.930

Link: CVE-2025-32239

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T00:15:04Z
