CVE-2025-15377
CSRF Vulnerability in Sosh Share Buttons Plugin Allows Settings Modification
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | sosh_share_buttons | to 1.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Sosh Share Buttons WordPress plugin (up to version 1.1.0) is a Cross-Site Request Forgery (CSRF) issue caused by missing nonce validation in the 'admin_page_content' function. This allows unauthenticated attackers to trick a site administrator into performing unintended actions, such as updating the plugin's settings, by sending a forged request that the admin unknowingly executes.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to change the plugin's settings without authorization by exploiting the administrator's session. Although it does not directly compromise confidentiality or availability, it can lead to unauthorized changes in the website's social sharing configuration, potentially affecting site behavior or user experience.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the Sosh Share Buttons plugin version is 1.1.0 or earlier and verifying if the plugin's admin page is vulnerable to CSRF by testing for missing nonce validation on the 'admin_page_content' function. Since the vulnerability allows unauthenticated attackers to update plugin settings via forged requests, monitoring HTTP POST requests to the plugin's admin page for suspicious or unexpected changes can help detect exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Sosh Share Buttons plugin to a version later than 1.1.0 where the nonce validation issue is fixed. If an update is not available, temporarily disabling the plugin or restricting access to the plugin's admin pages to trusted administrators can reduce risk. Additionally, educating site administrators to avoid clicking on suspicious links can help prevent exploitation. [1]