The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa | Exploit Third Party Advisory |
Configurations
History
04 Apr 2022, 16:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:heateor:sassy_social_share:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
28 Mar 2022, 18:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-28 18:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-24746
Mitre link : CVE-2021-24746
CVE.ORG link : CVE-2021-24746
JSON object : View
Products Affected
heateor
- sassy_social_share
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')