Skip to main content

Simple Social Media Share Buttons CVE-2026-34904

| EUVDEUVD-2026-19596 HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-04-07 Patchstack GHSA-jp4w-vjf8-5c76
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 24, 2026 - 18:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 07, 2026 - 08:45 euvd
EUVD-2026-19596
Analysis Generated
Apr 07, 2026 - 08:45 vuln.today
CVE Published
Apr 07, 2026 - 08:22 nvd
HIGH 7.5

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0.

AnalysisAI

Cross-Site Request Forgery in Analytify Simple Social Media Share Buttons WordPress plugin (versions ≤6.2.0) enables unauthenticated remote attackers to execute unauthorized actions on behalf of authenticated administrators through high-complexity social engineering attacks. CVSS 7.5 severity reflects potential for complete compromise of confidentiality, integrity, and availability when successfully exploited. No public exploit identified at time of analysis, though CSRF vulnerabilities are well-understood with documented exploitation techniques.

Technical ContextAI

This vulnerability stems from inadequate CSRF token validation (CWE-352) in the Simple Social Media Share Buttons WordPress plugin developed by Analytify. CSRF attacks exploit the trust a web application has in authenticated user browsers by tricking victims into submitting malicious requests while authenticated. WordPress plugins commonly implement CSRF protections through nonce verification functions (wp_verify_nonce), and failure to properly validate these tokens on state-changing operations allows attackers to forge requests. The affected component (cpe:2.3:a:analytify:simple_social_media_share_buttons) likely exposes administrative functions or configuration endpoints without proper anti-CSRF mechanisms, enabling attackers to manipulate plugin settings, inject malicious content, or perform privilege escalation when an administrator interacts with attacker-controlled resources.

RemediationAI

WordPress administrators should immediately upgrade Simple Social Media Share Buttons plugin to version 6.2.1 or later, which is expected to contain CSRF token validation fixes (exact patched version should be verified through the WordPress plugin repository or Analytify's official advisory). Access the WordPress admin dashboard, navigate to Plugins > Installed Plugins, locate Simple Social Media Share Buttons, and apply available updates. If immediate patching is not feasible, implement defense-in-depth measures including restricting WordPress admin panel access to trusted IP addresses via .htaccess or firewall rules, enabling Web Application Firewall (WAF) rules that detect CSRF patterns, educating administrators about phishing risks and suspicious link avoidance, and implementing additional authentication layers such as two-factor authentication to reduce session hijacking impact. Review administrator audit logs for suspicious configuration changes during the vulnerability window. Consult Patchstack's detailed advisory at https://patchstack.com/database/wordpress/plugin/simple-social-buttons/vulnerability/wordpress-simple-social-media-share-buttons-plugin-6-2-0-cross-site-request-forgery-csrf-vulnerability for technical validation guidance and indicators of compromise.

Share

CVE-2026-34904 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy