← back
CVE-2024-4997

WPUpper Share Buttons <= 3.43 - Missing Authorization

CVSS 5.3 MEDIUMEPSS 0.4%CWE-862
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N