Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2026-19596

Cross-Site Request Forgery CSRF vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0...

CVE-2026-2501

The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Ed's Social Share plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Social Share versions = 2.0...

CVE-2026-2501

The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-2501

CVE-2026-2501 : The Ed's Social Share WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s social_share shortcode in all versions up to and including 2.0. The root cause is insufficient input sanitization and output escaping on user-supplied attributes. This enables auth...

CVE-2026-2501

The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-2501 Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's socialshare shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2026-26840

The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social share shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Ed s Social Share 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2023-54333

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the projectid parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

CVE-2023-54333

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the projectid parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

CVE-2023-54333

The vulnerability CVE-2023-54333 affects Social-Share-Buttons 2.2.3 (WordPress plugin). The issue is a SQL injection in the project_id parameter that can be exploited via crafted POST requests to manipulate database queries and potentially exfiltrate data. Public sources describe impact as unauth...

CVE-2023-54333 Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the projectid parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...

WordPress plugin Social-Share-Buttons SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

PT-2026-2423

Name of the Vulnerable Software and Affected Versions Social-Share-Buttons version 2.2.3 Description The software contains a SQL injection issue in the project id parameter. Attackers can exploit this by sending specially crafted POST requests with malicious SQL payloads to manipulate database...

CVE-2023-25044

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sumo Social Share Boost plugin = 4.4 versions...

CVE-2023-49189

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12...

CVE-2024-34807

Cross-Site Request Forgery CSRF vulnerability in CodeBard Fast Custom Social Share by CodeBard fast-custom-social-share-by-codebard.This issue affects Fast Custom Social Share by CodeBard: from n/a through = 1.1.2...

CVE-2025-64198

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 10.7.1...