Plugin Vulnerable to Reflected Cross-Site Scripting
CVE-2024-8790

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Social Share With Floating Bar
Vendor: CVE Published:; 18 October 2024

What is CVE-2024-8790?

The Social Share With Floating Bar plugin for WordPress is susceptible to Reflected Cross-Site Scripting (XSS) due to inadequate query argument handling. Specifically, the plugin utilizes add_query_arg without appropriate URL escaping, which exposes users to potential web script injection. This vulnerability enables attackers to inject arbitrary scripts into the affected pages, potentially compromising user interactions. Unauthenticated users may exploit this weakness by enticing victims into clicking malicious links, thereby executing harmful scripts within their browsers.

Affected Version(s)

Social Share With Floating Bar * <= 1.0.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/social-share-w...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2024
Vulnerability Reserved
Sep 13, 2024

Credit

Dale Mavers