CVE-2021-24656 Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting

2021-10-1110:45:36

CWE-79

WPScan

www.cve.org

wordpress plugin

cross-site scripting

share title vulnerability

unfiltered html

EPSS

0.001

Percentile

24.8%

JSON

The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CNA Affected

[
  {
    "product": "Simple Social Media Share Buttons – Social Sharing for Everyone",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.2.4",
        "status": "affected",
        "version": "3.2.4",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/8e897dcc-6e52-440b-83ad-b119c55751c7

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-24656