Lucene search

[email protected]NVD:CVE-2021-24656

HistoryOct 11, 2021 - 11:15 a.m.

CVE-2021-24656

2021-10-1111:15:08

CWE-79

[email protected]

web.nvd.nist.gov

wordpress

social media

cross-site scripting

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Affected configurations

Nvd

Node

wpbrigadesimple_social_buttonsRange<3.2.4wordpress

VendorProductVersionCPE
wpbrigadesimple_social_buttons*cpe:2.3:a:wpbrigade:simple_social_buttons:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpbrigade	simple_social_buttons	*	cpe:2.3:a:wpbrigade:simple_social_buttons::::::wordpress::*

References

wpscan.com/vulnerability/8e897dcc-6e52-440b-83ad-b119c55751c7

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2021-24656

wpvulndb1 wpexploit1 cnvd1 cvelist1 patchstack1 prion1 cve1