Title: Vulnerability Last modified: June 6, 2023 --- # Vulnerability * Resolved [marketeeringroup](https://wordpress.org/support/users/marketeeringroup/) * (@marketeeringroup) * [3 years ago](https://wordpress.org/support/topic/vulnerability-69/) * WP Engine reports of a vulnerability that allows an attacker to target privileged authenticated users with malicious links thatmake authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators. * Do you have a patch for this or an updated version of the plugin available yet? Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Contributor [ShareThis](https://wordpress.org/support/users/sharethis/) * (@sharethis) * [3 years ago](https://wordpress.org/support/topic/vulnerability-69/#post-16805073) * Hi [@marketeeringroup](https://wordpress.org/support/users/marketeeringroup/), * Thanks for reporting this. * However, we think this is the same vulnerability that was reported to us in April, 2023 and was patched on version 8.4.7. You can see it in more detail here: [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-share-buttons-adder/simple-share-buttons-adder-846-cross-site-request-forgery](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-share-buttons-adder/simple-share-buttons-adder-846-cross-site-request-forgery) * It’s possible that WP Engine hasn’t updated their information on this and is still reporting the issue as open. * Best regards, * The ShareThis Technical Support team. * [Anthony Hortin](https://wordpress.org/support/users/ahortin/) * (@ahortin) * [2 years, 11 months ago](https://wordpress.org/support/topic/vulnerability-69/#post-16823362) * Hi, * Plesk and PatchStack is also reporting the vulnerability, so can you please look into this. Thanks * See: [https://patchstack.com/database/vulnerability/simple-share-buttons-adder/wordpress-simple-share-buttons-adder-plugin-8-4-6-cross-site-request-forgery-csrf](https://patchstack.com/database/vulnerability/simple-share-buttons-adder/wordpress-simple-share-buttons-adder-plugin-8-4-6-cross-site-request-forgery-csrf) * Plugin Contributor [ShareThis](https://wordpress.org/support/users/sharethis/) * (@sharethis) * [2 years, 7 months ago](https://wordpress.org/support/topic/vulnerability-69/#post-17136922) * Hello, * Thank you for bringing this to our attention. * This vulnerability has been solved in a previous update. We have informed our engineering team about the fact that the issue still appears on Patchstack, they have made another review of the plugin and the tests indicate that the vulnerability has already been solved. Our team is in contact with the Patchstack team so they can further review their report and update it on their website. * Best, -ShareThis Support Team Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Vulnerability’ is closed to new replies. * ![](https://ps.w.org/simple-share-buttons-adder/assets/icon-256x256.png?rev=2661516) * [Simple Share Buttons Adder](https://wordpress.org/plugins/simple-share-buttons-adder/) * [Frequently Asked Questions](https://wordpress.org/plugins/simple-share-buttons-adder/#faq) * [Support Threads](https://wordpress.org/support/plugin/simple-share-buttons-adder/) * [Active Topics](https://wordpress.org/support/plugin/simple-share-buttons-adder/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/simple-share-buttons-adder/unresolved/) * [Reviews](https://wordpress.org/support/plugin/simple-share-buttons-adder/reviews/) * 6 replies * 3 participants * Last reply from: [ShareThis](https://wordpress.org/support/users/sharethis/) * Last activity: [2 years, 7 months ago](https://wordpress.org/support/topic/vulnerability-69/#post-17136922) * Status: resolved