CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

EUVD-2021-11658

Malware in sbrugna...

EUVD-2020-26772

Malware in sbrugna...

EUVD-2022-51795

Malicious code in bioql PyPI...

EUVD-2024-31820

Malicious code in bioql PyPI...

CVE-2025-7500

The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

WordPress plugin Social Sharing Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2020-5611

Cross-site request forgery CSRF vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVE-2024-11252

CVE-2024-11252 concerns the Social Sharing Plugin – Sassy Social Share for WordPress. The Red Hat and NVD entries describe a Reflected Cross-Site Scripting vulnerability in the heateor_mastodon_share parameter, affecting all versions up to and including 3.3.69. The issue stems from insufficient i...

WordPress Social Sharing (by Danny) plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Social Sharing by Danny versions = 1.3.7...

CVE-2024-4924

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4924

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4924 Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-33377 · Unknown · Social Sharing Plugin

Name of the Vulnerable Software and Affected Versions: The Social Sharing Plugin versions prior to 3.3.63 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

WordPress plugin Social Sharing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin Social Sharing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

CVE-2024-2159 Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

WordPress plugin Social Sharing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2024-1989

CVE-2024-1989 affects the WordPress Social Sharing Plugin – Sassy Social Share (up to v3.3.58). Root cause: insufficient input sanitization and output escaping on shortcode attributes (e.g., url), enabling stored XSS. Impact: authenticated attackers with contributor+ can inject scripts that execu...