WordPress Social Sharing Plugin Vulnerable to Stored Cross-Site Scripting Attacks

CVE-2024-2159

Currently unrated 🤨

Key Information

Vendor: WordPress
Status: Social Sharing Plugin
Vendor: CVE Published:; 26 April 2024

Summary

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affected Version(s)

Social Sharing Plugin < 3.3.61

Timeline

Vulnerability published.
Apr 26, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dmitrii Ignatyev

WPScan