4 matches found
CVE-2024-1959 Social Sharing Plugin – Social Warfare <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2024-1959 Social Sharing Plugin – Social Warfare <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2024-1959
The Social Warfare WordPress plugin is vulnerable to stored XSS via the socialWarfare shortcode in all versions up to 4.4.6.1 due to insufficient input sanitization/escaping. Exploitation requires contributor-level authentication; no user interaction is needed. The connected documents confirm the...
WordPress Social Warfare Plugin <= 4.4.6.1 is vulnerable to Cross Site Scripting (XSS)
Software Social Warfare Type Plugin Vulnerable versions = 4.4.6.1 Fixed in 4.4.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1959 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4ca6fb05821 Credits Krzysztof Zając...