Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0.
AnalysisAI
Cross-Site Request Forgery in Analytify Simple Social Media Share Buttons WordPress plugin (versions ≤6.2.0) enables unauthenticated remote attackers to execute unauthorized actions on behalf of authenticated administrators through high-complexity social engineering attacks. CVSS 7.5 severity reflects potential for complete compromise of confidentiality, integrity, and availability when successfully exploited. No public exploit identified at time of analysis, though CSRF vulnerabilities are well-understood with documented exploitation techniques.
Technical ContextAI
This vulnerability stems from inadequate CSRF token validation (CWE-352) in the Simple Social Media Share Buttons WordPress plugin developed by Analytify. CSRF attacks exploit the trust a web application has in authenticated user browsers by tricking victims into submitting malicious requests while authenticated. WordPress plugins commonly implement CSRF protections through nonce verification functions (wp_verify_nonce), and failure to properly validate these tokens on state-changing operations allows attackers to forge requests. The affected component (cpe:2.3:a:analytify:simple_social_media_share_buttons) likely exposes administrative functions or configuration endpoints without proper anti-CSRF mechanisms, enabling attackers to manipulate plugin settings, inject malicious content, or perform privilege escalation when an administrator interacts with attacker-controlled resources.
RemediationAI
WordPress administrators should immediately upgrade Simple Social Media Share Buttons plugin to version 6.2.1 or later, which is expected to contain CSRF token validation fixes (exact patched version should be verified through the WordPress plugin repository or Analytify's official advisory). Access the WordPress admin dashboard, navigate to Plugins > Installed Plugins, locate Simple Social Media Share Buttons, and apply available updates. If immediate patching is not feasible, implement defense-in-depth measures including restricting WordPress admin panel access to trusted IP addresses via .htaccess or firewall rules, enabling Web Application Firewall (WAF) rules that detect CSRF patterns, educating administrators about phishing risks and suspicious link avoidance, and implementing additional authentication layers such as two-factor authentication to reduce session hijacking impact. Review administrator audit logs for suspicious configuration changes during the vulnerability window. Consult Patchstack's detailed advisory at https://patchstack.com/database/wordpress/plugin/simple-social-buttons/vulnerability/wordpress-simple-social-media-share-buttons-plugin-6-2-0-cross-site-request-forgery-csrf-vulnerability for technical validation guidance and indicators of compromise.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19596
GHSA-jp4w-vjf8-5c76