Security vulnerability for version <= 3.2.2 | WordPress.org

Resolved ciaranmcauleygeant
(@ciaranmcauleygeant)

11 months, 2 weeks ago

Hi there’s a security vulnerability reported for this plugin on patchstack https://patchstack.com/database/wordpress/plugin/googleanalytics/vulnerability/wordpress-sharethis-dashboard-for-google-analytics-plugin-3-2-2-cross-site-request-forgery-csrf-vulnerability?_a_id=473 .

We’re currently using this plugin so would like to know if you plan to address this issue soon?

The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author ShareThis
(@sharethis)

11 months ago

Hey thanks for reaching out. We have attempted to address any sort of security issues in ver. 3.2.3, but Patchstack is not a very accurate source for CSRF vulnerabilities so not sure if/when they’re update their status.

That being said, WordPress had previously reached out and did an extensive dive into our code and noted things that we have addressed in 3.2.2 and were satisfied with our approach. The plugin is not at risk for any forgery requests at this point in time so feel free to continue using it as normal.

Remember to always keep an eye on your current user lists and do quarterly audits to remove any nefarious accounts. That will minimize your risk of users accessing your site’s DB altogether.

Let me know if you have any more questions. Thanks!

ShareThis

Hector
(@hectorsharethis)

6 months ago

Hi @ciaranmcauleygean – Patchstack has finally updated the report and confirm this has been fixed.

https://patchstack.com/database/wordpress/plugin/simple-share-buttons-adder/vulnerability/wordpress-simple-share-buttons-adder-plugin-8-4-6-cross-site-request-forgery-csrf?_a_id=350

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security vulnerability for version <= 3.2.2’ is closed to new replies.

4 replies
3 participants
Last reply from: Hector
Last activity: 6 months ago
Status: resolved