12 matches found
EUVD-2021-11480
Malware in sbrugna...
CVE-2021-24568
The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
AddToAny Share Buttons - Moderately critical - Access bypass - SA-CONTRIB-2023-018
This module provides social media share & follow buttons. The module doesn't sufficiently check access to a node when retrieving the label of an AddToAny block. This vulnerability is mitigated by the fact it requires the node ID to be passed via the route, requiring another module or specific...
WordPress AddToAny Share Buttons Plugin < 1.7.48 XSS Vulnerability
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
CVE-2021-24616 AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24568
The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24568
CVE-2021-24568 affects the WordPress AddToAny Share Buttons plugin prior to 1.7.46. The root cause is lack of sanitization of the Sharing Header setting when it is output in frontend pages, enabling authenticated users (e.g., admins) to perform stored XSS if the unfiltered_html capability is disa...
WordPress plugin AddToAny Share Buttons cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress plug...
AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Image URL button setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Add the following payload in the Universal Button Image URL settings: " onerror=alert/XSS/ " The...
WordPress AddToAny Share Buttons plugin <= 1.7.45 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress AddToAny Share Buttons plugin versions <= 1.7.45. Solution: Update the WordPress AddToAny Share Buttons plugin to the latest available version (at least 1.7.46)...
AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-039
This module enables you to add social media share buttons on your website to its content and pages. The module doesn't sufficiently mark its administration permission as restricted, exposing cross site scripting vulnerabilities to users who have access to its admin settings. This vulnerability is...
WordPress AddToAny Share Buttons plugin <=1.7.14 - Conditional Host Header Injection vulnerability
Conditional Host Header Injection vulnerability found by Paul Dannewitz in WordPress AddToAny Share Buttons plugin. The vulnerable plugin version used the Host header instead of home_url, which allows custom Host header injection via a crafted link and web cache poisoning, and it may end up with sharing malicious...