CVE-2022-0594: 
WordPress vulnerability analysis and mitigation

The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin (Shareaholic) before version 9.7.6 contains an authorization vulnerability. The plugin lacks proper authorization checks in one of its AJAX actions, which affects both unauthenticated users (in versions before 9.7.5) and users with author or higher privileges (in version 9.7.5) (NVD, WPScan).

The vulnerability is classified as an Incorrect Authorization issue (CWE-863) with a CVSS v3.1 base score of 5.3 (Medium). The vulnerability allows unauthorized access to an AJAX action endpoint that can be exploited through the path '/wp-admin/admin-ajax.php?action=shareaholicdebuginfo'. This endpoint exposes various system information including the list of active plugins, PHP version, cURL version, and WordPress version (NVD).

When exploited, the vulnerability allows attackers to retrieve sensitive information about the WordPress installation, including the list of active plugins, PHP version, cURL version, and other system details. This information disclosure could potentially be used to plan more targeted attacks against the affected systems (WPScan).

The vulnerability has been fixed in version 9.7.6 of the Shareaholic plugin. Users are advised to update to this version or later to mitigate the security risk (NVD).