- Plugin Name: Shareaholic
- Software Type: Plugin
- Software Slug: shareaholic
- Software Status: Active
- Software Author: shareaholic
- Software Downloads: 4,734,248
- Active Installs: 30,000
- Last Updated: November 14, 2023
- Patched Versions: 9.7.9
- Affected Versions: <= 9.7.8
- Name: Shareaholic <= 9.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
- Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
- Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE: CVE-2023-4889
- CVSS Score: 6.4 (Medium)
- Publicly Published: November 14, 2023
- Researcher: István Márton
- Description: The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The vulnerability, tracked as CVE-2023-4889, exists in the Shareaholic plugin due to insufficient sanitization of user input when using the 'shareaholic' shortcode. By providing malformed attributes, an attacker can store cross-site scripting payloads that will execute when a victim views a compromised page or post. This could be used for a variety of malicious purposes, including stealing session cookies or credentials. The vulnerability was privately disclosed by researcher István Márton and has been given a CVSS severity score of 6.4 out of 10. Users are strongly advised to update to Shareaholic version 9.7.9 or later as soon as possible to mitigate this vulnerability. Failing to patch this vulnerability potentially leaves over 30,000 active WordPress sites open to stored XSS attacks.
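The pattern behind this class of bug is worth seeing side by side. The following is an added illustration, not Shareaholic's code and not its actual shortcode: a hypothetical [demo_share] shortcode with made-up attributes (url, title, theme). The first handler concatenates attribute values straight into HTML, which is the "insufficient output escaping" the advisory describes; the second validates enumerated values against an allowlist and escapes each value with the WordPress helper for the HTML context it lands in. WordPress functions used (add_shortcode, shortcode_atts, esc_url, esc_attr, esc_html) are real; everything else is assumed for the example.

```php
<?php
// Added illustration, not Shareaholic's code: a hypothetical [demo_share]
// shortcode whose attributes a Contributor can set in post content.
// Shortcode attribute values are untrusted input and must be validated or
// escaped for the exact HTML context they land in before reaching the page.

// BEFORE (vulnerable pattern): attribute values are concatenated into HTML.
// A value containing a quote or angle bracket breaks out of the attribute,
// and the browser treats the remainder as markup. Stored in post_content,
// it runs for every visitor who views the post.
function demo_share_shortcode_unsafe( $atts ) {
    $atts = shortcode_atts( array(
        'url'   => '',
        'title' => '',
        'theme' => 'light',
    ), $atts, 'demo_share' );

    return '<a class="share share-' . $atts['theme'] . '" href="' . $atts['url']
         . '" title="' . $atts['title'] . '">' . $atts['title'] . '</a>';
}

// AFTER (hardened): allowlist enumerated attributes and escape each value
// with the helper that matches where it is emitted.
function demo_share_shortcode_safe( $atts ) {
    $atts = shortcode_atts( array(
        'url'   => '',
        'title' => '',
        'theme' => 'light',
    ), $atts, 'demo_share' );

    // 'theme' becomes part of a class name: accept only known values.
    $allowed_themes = array( 'light', 'dark' );
    $theme = in_array( $atts['theme'], $allowed_themes, true ) ? $atts['theme'] : 'light';

    // esc_url() drops disallowed schemes (returns '' for them) and escapes
    // the remaining URL for use in an href attribute.
    $url = esc_url( $atts['url'] );
    if ( '' === $url ) {
        return ''; // no valid link target: emit nothing rather than a broken element
    }

    return sprintf(
        '<a class="share share-%s" href="%s" title="%s">%s</a>',
        esc_attr( $theme ),          // attribute context
        $url,                        // already escaped by esc_url()
        esc_attr( $atts['title'] ),  // attribute context
        esc_html( $atts['title'] )   // text-node context
    );
}

add_shortcode( 'demo_share', 'demo_share_shortcode_safe' );
```

Two design points: escape at output, not at save time, because the same value may be emitted in several contexts (attribute, text node, URL) and each needs a different encoder; and treat a value that fails validation as absent rather than passing it through "cleaned", since partial cleanup is where most bypasses live. Where an attribute is genuinely meant to carry limited HTML, wp_kses_post() with an explicit allowed-tag list is the right tool, not a blanket strip.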
Advice for Users:
- Immediate Action: Update to Shareaholic version 9.7.9 or newer as soon as possible.
- Alternate Plugins: Consider using alternate social sharing plugins like AddThis or Simple Share Buttons Adder as a precaution.
- Stay Updated: Always keep your WordPress plugins updated to avoid potential vulnerabilities.
Shareaholic's prompt release of version 9.7.9 to address this vulnerability is a positive sign. WordPress site owners should nevertheless treat this vulnerability with priority and update immediately. The ease of exploiting this for malicious purposes means sites could be compromised without showing obvious outward signs.
Specifically, the vulnerability exists because Shareaholic fails to properly sanitize user input when using its shortcode functionality. By providing malformed attributes, an attacker can store cross-site scripting payloads that will execute when a page or post is viewed by a victim.
This could empower bad actors to do things like steal session cookies, hijack user accounts, scrape sensitive data, deface sites, and more. The ease of exploiting such a vulnerability means that compromised sites may not even show obvious signs of an attack.
The good news is that Shareaholic has already issued a patch by releasing version 9.7.9. All WordPress site owners using Shareaholic should update to this latest version as soon as possible. You can do this easily from the WordPress admin dashboard by navigating to Plugins > Installed Plugins and clicking "Update" next to Shareaholic.
If you suspect your site may have already been compromised, be sure to check for any unauthorized users added, changes to existing posts/pages, or unexpected files uploaded. Also have a developer review your site for any malicious code injections.
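The "changes to existing posts/pages" check above can be partly automated. The following is an added example, not something from Shareaholic or this page: a standalone PHP scanner that pulls [shareaholic ...] shortcodes out of post content, parses their attributes, and flags any attribute value that carries markup characters or a script-capable URL scheme, which a legitimate sharing-button configuration never needs. The sample post content is constructed for the example; in practice you would feed it the post_content column from the database (for instance via WP-CLI's `wp post list --field=post_content` or a direct query) and review every hit manually.

```php
<?php
// Added example: offline triage helper for stored-XSS review of shortcode
// attributes. Not Shareaholic's code. Runs without WordPress.

/**
 * Extract every [shareaholic ...] shortcode from $content and return the
 * attributes whose values look like they carry markup rather than a plain
 * configuration value.
 *
 * @return array<int, array{shortcode: string, attr: string, value: string, reason: string}>
 */
function scan_shareaholic_shortcodes( string $content ): array {
    $findings = array();

    // Match the opening tag of the shortcode and capture its raw attribute string.
    if ( ! preg_match_all( '/\[shareaholic\b([^\]]*)\]/i', $content, $tags, PREG_SET_ORDER ) ) {
        return $findings;
    }

    // Indicators that a value is not a plain setting. Anything flagged here
    // needs a human look; the list is deliberately broad.
    $checks = array(
        'markup character (< or >)'   => '/[<>]/',
        'script-capable URL scheme'    => '/^\s*(javascript|data|vbscript)\s*:/i',
        'inline event handler name'    => '/\bon[a-z]+\s*=/i',
        'embedded quote in value'      => '/["\']/',
    );

    foreach ( $tags as $tag ) {
        $full = $tag[0];
        // Parse key="value" / key='value' / key=value pairs.
        preg_match_all(
            '/([\w-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\']+))/',
            $tag[1],
            $pairs,
            PREG_SET_ORDER
        );
        foreach ( $pairs as $p ) {
            $name  = $p[1];
            $value = $p[2] !== '' ? $p[2] : ( $p[3] !== '' ? $p[3] : $p[4] );
            // Also decode entities: a stored value may have been entity-encoded
            // once and still decode to markup at render time.
            $decoded = html_entity_decode( $value, ENT_QUOTES | ENT_HTML5 );
            foreach ( $checks as $reason => $pattern ) {
                if ( preg_match( $pattern, $decoded ) ) {
                    $findings[] = array(
                        'shortcode' => $full,
                        'attr'      => $name,
                        'value'     => $value,
                        'reason'    => $reason,
                    );
                    break; // one reason per attribute is enough for triage
                }
            }
        }
    }
    return $findings;
}

// Constructed sample content: one normal shortcode, one whose title attribute
// carries HTML tags (flagged), and one with an entity-encoded angle bracket.
$sample = <<<'HTML'
<p>Intro paragraph.</p>
[shareaholic app="share_buttons" id="12345678"]
[shareaholic app="share_buttons" title="Hello <b>world</b>"]
[shareaholic app="share_buttons" title="&lt;x"]
HTML;

foreach ( scan_shareaholic_shortcodes( $sample ) as $f ) {
    printf( "FLAG attr=%s reason=%s in %s\n", $f['attr'], $f['reason'], $f['shortcode'] );
}
```

The scanner is intentionally noisy: a false positive costs a minute of review, while a missed injected attribute keeps firing for every visitor. Pair it with the plugin update, not instead of it, because removing one stored payload does nothing about the next one if the vulnerable version is still installed.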
This is not the first vulnerability found in Shareaholic. In fact, two other security issues have been reported since April 2015. This underscores the importance of staying vigilant and keeping all your plugins updated, not just Shareaholic.
Don't tackle WordPress security alone - the consequences of a breach are too great. At Your WP Guy, our managed WordPress maintenance services include layers of protection like auto-updates, malware scanning, firewalls and 24/7 monitoring by WordPress experts. We become your outsourced IT team.
Let's chat about migrating your site to our managed hosting so you can finally stop worrying about security issues. We'll fully audit and lock down your site as part of onboarding. Call us at 678-995-5169 to keep your business safe online.