3 matches found
CVE-2024-12807
The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12807 Social Share Buttons for WordPress <= 2.7 - Admin+ Stored XSS
The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12807
The CVE-2024-12807 entry concerns the WordPress plugin Social Share Buttons for WordPress (versions ≤ 2.7). The issue is a Stored XSS due to the plugin not sanitising/escaping some settings, which could allow high-privilege users (e.g., admins) to execute stored scripts, including in multisite co...