Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/01/07 9:19 a.m.8 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

4.7CVSS4.6AI score0.0048EPSS
Exploits3References1
nvd
nvd
added 2024/04/26 5:15 a.m.24 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

4.7CVSS5.5AI score0.0048EPSS
Exploits3References1
osv
osv
added 2024/04/26 5:15 a.m.5 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

4.7CVSS5.8AI score0.0048EPSS
Exploits3References1
cvelist
cvelist
added 2024/04/26 5:0 a.m.31 views

CVE-2024-2159 Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

5.7AI score0.0048EPSS
Exploits3References1
patchstack
patchstack
added 2024/04/26 12:0 a.m.13 views

WordPress Sassy Social Share Plugin < 3.3.61 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.61 Fixed in 3.3.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2159 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e895f7060f3 Credits Dmitrii Ignatyev...

4.7CVSS5.7AI score0.0048EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder