Lucene search
K

79 matches found

Cvelist
Cvelist
added 2024/05/23 6:46 a.m.21 views

CVE-2024-3648 ShareThis Share Buttons <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode

The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/23 12:0 a.m.10 views

WordPress ShareThis Share Buttons Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software ShareThis Share Buttons Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3648 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8b942c804f7 Credits Krzysztof Zając...

6.4CVSS5.8AI score0.00257EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.6 views

PT-2024-27021 · Sharethis · Sharethis Share Buttons

Name of the Vulnerable Software and Affected Versions: ShareThis Share Buttons plugin for WordPress versions up to, and including, 2.3.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'sharethis-inline-button' shortcode...

6.4CVSS6.9AI score0.00257EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.3 views

WordPress plugin ShareThis Share Buttons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.14 views

ShareThis Share Buttons < 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode

Description The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/25 12:15 p.m.10 views

CVE-2022-45851

Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4...

5.4CVSS5.5AI score0.00465EPSS
Exploits0References1
CVE
CVE
added 2024/03/25 11:30 a.m.87 views

CVE-2022-45851

CVE-2022-45851 affects the WordPress ShareThis Dashboard for Google Analytics plugin up to version 3.1.4. The issue is described as a Missing Authorization (Broken Access Control) vulnerability. The connected sources indicate no patched version is available for versions through 3.1.4 (Patchstack ...

5.4CVSS5.2AI score0.00465EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/25 11:30 a.m.13 views

CVE-2022-45851 WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4...

5.4CVSS7AI score0.00465EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.4 views

WordPress Plugin ShareThis Dashboard for Google Analytics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6.4AI score0.00465EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.6 views

PT-2024-11726 · Sharethis · Sharethis Dashboard For Google Analytics

Name of the Vulnerable Software and Affected Versions: ShareThis Dashboard for Google Analytics versions through 3.1.4 Description: The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide ...

5.4CVSS6.9AI score0.00465EPSS
Exploits0References3
Patchstack
Patchstack
added 2022/11/23 12:0 a.m.24 views

WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to plugin settings reset discovered by Dave Jong Patchstack in WordPress ShareThis Dashboard for Google Analytics plugin versions = 3.1.2. Solution No patched version available...

3.1AI score0.00465EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/09/03 12:0 a.m.12 views

WordPress ShareThis Dashboard for Google Analytics Plugin < 2.5.2 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS7AI score0.00827EPSS
Exploits2References2
OSV
OSV
added 2021/08/30 3:15 p.m.2 views

CVE-2021-24438

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue...

6.1CVSS6.3AI score
Exploits0References1
NVD
NVD
added 2021/08/30 3:15 p.m.18 views

CVE-2021-24438

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.00827EPSS
Exploits2References1
Prion
Prion
added 2021/08/30 3:15 p.m.17 views

Cross site scripting

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue...

4.3CVSS6.1AI score0.00827EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/08/30 2:11 p.m.72 views

CVE-2021-24438

The CVE concerns the WordPress plugin “ShareThis Dashboard for Google Analytics” (vulnerable:

6.1CVSS6AI score0.00827EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/08/30 2:11 p.m.27 views

CVE-2021-24438 ShareThis Dashboard for Google Analytics < 2.5.2 - Reflected Cross-Site Scripting (XSS)

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue...

6.2AI score0.00827EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/08/02 12:0 a.m.18 views

ShareThis Dashboard for Google Analytics < 2.5.2 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in...

6.1CVSS0.6AI score0.00827EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/08/02 12:0 a.m.615 views

ShareThis Dashboard for Google Analytics < 2.5.2 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in...

6.1CVSS0.4AI score0.00827EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.25 views

ShareThis 7.0.3 - Setting Manipulation CSRF

The share-this WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2.1AI score0.01178EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder