Social Sharing Plugin – Kiwi

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:wpkube:social_sharing_plugin_–_kiwi:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorWpkube (f4241446-089f-5ffb-84a4-260b1a556496)
ProductSocial Sharing Plugin – Kiwi (2f589659-935a-5864-98e9-e9e6fa18cff0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-3228 vulnerable 2026-06-08 06:41:52.735117 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure
MEDIUM (5.3)
The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.
Published: 2024-07-09T08:33:07.717Z
Updated: 2026-04-08T17:05:29.965Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-4362 vulnerable 2026-06-08 05:38:09.270232 Details available
CRITICAL (9.8)
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.
Published: 2023-06-07T01:51:28.136Z
Updated: 2024-12-28T00:55:32.558Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.