CVE-2023-54333

HIGH8.8

Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter

Published Jan 13, 2026

Modified Yesterday

No fix available

Details

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire database contents.

References

WEBhttps://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Social-Share-Buttons-2.2.3 WEBhttps://supsystic.com/plugins/social-share-plugin/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-54333 DETECTIONhttps://www.exploit-db.com/exploits/51116 ADVISORYhttps://www.vulncheck.com/advisories/social-share-buttons-sql-injection-via-projectid-parameter

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

LowI:L

Availability

NoneA:N

8.2/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Weakness Type (CWE)

Injection

CWE-89

SQL Injection

Ecosystems

Timeline

PublishedJan 13, 2026

ModifiedJan 13, 2026