Unfiltered HTML Setting Vulnerability in WordPress Social Sharing Plugin Could Lead to Stored Cross-Site Scripting Attacks

CVE-2024-4924

Currently unrated 🤨

Key Information

Vendor: WordPress
Status: Social Sharing Plugin
Vendor: CVE Published:; 12 June 2024

Summary

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affected Version(s)

Social Sharing Plugin < 3.3.63

Timeline

Vulnerability published.
Jun 12, 2024
Vulnerability Reserved.
May 15, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dmitrii Ignatyev

WPScan