2 matches found
CVE-2021-24656
The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts depending on the settings used, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml...
CVE-2021-24656
CVE-2021-24656 affects the WordPress plugin Simple Social Media Share Buttons (pre-3.2.4). The issue is an XSS vulnerability where the Share Title setting is not escaped before output to frontend, enabling authenticated, high-privilege users to trigger Cross-Site Scripting. Public exploit details...