CVE-2021-24746

The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:heateor:sassy_social_share:*:*:*:*:*:wordpress:*:*

History

04 Apr 2022, 16:03

Type Values Removed Values Added
CPE cpe:2.3:a:heateor:sassy_social_share:*:*:*:*:*:wordpress:*:*
References (MISC) https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa - (MISC) https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1

28 Mar 2022, 18:45

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-28 18:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-24746

Mitre link : CVE-2021-24746

CVE.ORG link : CVE-2021-24746


JSON object : View

Products Affected

heateor

  • sassy_social_share
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')