Lucene search
WPScanCVE-2024-2159HistoryApr 26, 2024 - 5:15 a.m.
CVE-2024-2159
2024-04-2605:15:50
WPScan
web.nvd.nist.gov
47
wordpress
plugin
stored cross-site scripting
The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected configurations
Node
social_sharing_pluginRange<3.3.61wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | social_sharing_plugin | * | cpe:2.3:a:*:social_sharing_plugin:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Social Sharing Plugin ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.3.61"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-2159
2024-04-26 05:15:50
wpvulndb
wpvulndb
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
2024-04-05 00:00:00
wpexploit
wpexploit
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
2024-04-05 00:00:00
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
2024-04-05 00:00:00
vulnrichment
vulnrichment
CVE-2024-2159 Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
2024-04-26 05:00:02
cvelist
cvelist
CVE-2024-2159 Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
2024-04-26 05:00:02
wordfence
wordfence