{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15377", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-30T20:12:22.347Z", "datePublished": "2026-01-14T05:28:06.577Z", "dateUpdated": "2026-04-08T16:46:35.743Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:35.743Z"}, "affected": [{"vendor": "abage", "product": "Sosh Share Buttons", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content' function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38b8b563-10a4-4343-b95a-7d09cf6fd729?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/sosh-share-buttons/tags/1.1.0/sosh.class.php#L138"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "dayea song"}], "timeline": [{"time": "2025-12-23T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-01-13T17:22:47.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-15T20:15:51.795716Z", "id": "CVE-2025-15377", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T20:19:13.876Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-15T20:15:51.795716Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T20:19:04.552Z"}}], "cna": {"title": "Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery", "credits": [{"lang": "en", "type": "finder", "value": "dayea song"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "abage", "product": "Sosh Share Buttons", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-23T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2026-01-13T17:22:47.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38b8b563-10a4-4343-b95a-7d09cf6fd729?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/sosh-share-buttons/tags/1.1.0/sosh.class.php#L138"}], "descriptions": [{"lang": "en", "value": "The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content' function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-01-14T05:28:06.577Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15377", "state": "PUBLISHED", "dateUpdated": "2026-01-15T20:19:13.876Z", "dateReserved": "2025-12-30T20:12:22.347Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-14T05:28:06.577Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content' function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Sosh Share Buttons para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 1.1.0, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n 'admin_page_content'. Esto hace posible que atacantes no autenticados actualicen la configuraci\u00f3n del plugin a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-15377", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-14T06:15:54.283", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/sosh-share-buttons/tags/1.1.0/sosh.class.php#L138"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38b8b563-10a4-4343-b95a-7d09cf6fd729?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:26:59.752683+00:00", "value": {"mitigation_remediation": ["Update the Sosh Share Buttons plugin to a version later than 1.1.0 so that nonce validation is restored.", "If immediate update is not possible, temporarily disable or remove the plugin\u2019s administrative interface to block forged requests.", "Add a web\u2011application firewall rule that blocks requests to the plugin\u2019s admin_page_content endpoint without a valid nonce or authenticated session."], "summary": {"action": "Apply patch", "impact": "Cross\u2011Site Request Forgery enabling unauthorized plugin configuration changes"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the Sosh Share Buttons plugin version 1.1.0 or older. All users of these versions are affected because the vulnerability exists in every release up to and including 1.1.0.", "description_and_impact": "The Sosh Share Buttons plugin for WordPress is vulnerable because the admin_page_content function does not validate a nonce before processing settings changes. This missing check allows an unauthenticated attacker to send a forged request that updates the plugin\u2019s configuration when the administrator is tricked into clicking a link. The primary impact is that an attacker can alter the share button settings, potentially redirecting users to malicious destinations or changing displayed content, and it is classified as CWE\u2011352.", "risk_and_exploitability": "The CVSS score of 4.3 reflects moderate impact, while the EPSS score of less than 1% indicates a low likelihood of exploitation at present. The vulnerability is not listed in CISA\u2019s KEV catalog, so no known widespread exploit activity is reported. The most likely attack vector involves social engineering: an attacker crafts a link that, when clicked by a site administrator, submits a request that the plugin accepts and applies the new settings."}}}}, "created": "2026-01-14T10:48:33.320998+00:00", "updated": "2026-04-21T16:30:40.683289+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}