CVE-2024-7556

The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2025-21499 · WordPress · The Simple Share Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Simple Share WordPress plugin versions 0.5.3 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

WordPress Wordpress Simple Share Plugin plugin <= 0.5.3 - Admin+ XSS vulnerability

Admin+ XSS vulnerability discovered by Amandeep Singh Banga in WordPress Plugin Simple Share versions = 0.5.3...

WordPress Simple Share Plugin <= 0.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Simple Share Type Plugin Vulnerable versions = 0.5.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7556 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8e1bd7bd32f7 Credits Amandeep Singh Banga Required...