CVE-2023-5070
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.
| CWE | CWE-200 |
| Vendor | inisev |
| Product | social media share buttons & social sharing icons |
| Published | Oct 20, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for inisev social media share buttons & social sharing icons
Be the first to know when new medium vulnerabilities affecting inisev social media share buttons & social sharing icons are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
inisev / Social Media Share Buttons & Social Sharing Icons
0 โค 2.8.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php
Credits
Marco Wotschka