Social Icons Widget & Block – Social Media Icons & Share Buttons
Approved changes feed: RSS · Atom
cpe:2.3:a:wpzoom:social_icons_widget_&_block_–_social_media_icons_&_share_buttons:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wpzoom (41ecada1-7571-5859-ba6a-0d847e9d0d4f) |
|---|---|
| Product | Social Icons Widget & Block – Social Media Icons & Share Buttons (87687129-179e-56b8-868d-c833da9054a4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4063 |
vulnerable | 2026-06-03 15:26:24.285912 |
Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation
MEDIUM (4.3)
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter.
Published: 2026-03-13T09:25:00.829Z
Updated: 2026-04-08T16:58:55.714Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.