Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.7 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

4.7CVSS4.6AI score0.0048EPSS
Exploits3References1
OSV
OSV
added 2024/04/26 5:15 a.m.4 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

4.7CVSS5.8AI score0.0048EPSS
Exploits3References1
NVD
NVD
added 2024/04/26 5:15 a.m.23 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

4.7CVSS5.5AI score0.0048EPSS
Exploits3References1
Cvelist
Cvelist
added 2024/04/26 5:0 a.m.29 views

CVE-2024-2159 Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

5.7AI score0.0048EPSS
Exploits3References1
Patchstack
Patchstack
added 2024/04/26 12:0 a.m.12 views

WordPress Sassy Social Share Plugin < 3.3.61 is vulnerable to Cross Site Scripting (XSS)

Software Sassy Social Share Type Plugin Vulnerable versions 3.3.61 Fixed in 3.3.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2159 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e895f7060f3 Credits Dmitrii Ignatyev...

4.7CVSS5.7AI score0.0048EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder