CVE-2021-39321

moderate-risk
Published 2021-10-21

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.

Do I need to act?

~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Heateor

References (6)

Patch https://plugins.trac.wordpress.org/changeset/2600464/sassy-social-share/trunk/ad...
Exploit https://www.wordfence.com/blog/2021/10/vulnerability-patched-in-sassy-social-sha...
Third Party Advisory https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39321
Patch https://plugins.trac.wordpress.org/changeset/2600464/sassy-social-share/trunk/ad...
Exploit https://www.wordfence.com/blog/2021/10/vulnerability-patched-in-sassy-social-sha...
Third Party Advisory https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39321
39
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 4/34 · Minimal
Exposure 5/34 · Minimal