2 matches found
CVE-2021-24616 AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24616
CVE-2021-24616 affects the WordPress AddToAny Share Buttons plugin prior to 1.7.48. The root cause is failure to escape the Image URL button setting, enabling Cross-Site Scripting (XSS) where high-privilege users could inject script, even if unfiltered_html is disallowed. Public sources (NVD, CNV...