4 matches found
Simple Social Buttons < 3.2.0 - Reflected Cross-Site Scripting
Simple Social Buttons version 3.1.1 has a reflected Cross-Site Scripting vulnerability in the POST parameter "sharecounts". Both unauthenticated and authenticated attacks are possible Edit WPScanTeam The original report stated the issue as being fixed in 3.2.0, however a CSRF nonce has been added...
WordPress Simple Social Buttons 3.1.1 Cross Site Scripting
The WordPress plugin Simple Social Buttons version 3.1.1 a.k.a. Simple Social Media Share Buttons suffers from a reflected cross-site scripting vulnerability found by Mr.F. It was fixed in version 3.2.0: https://wordpress.org/plugins/simple-social-buttons/developers HTML POC: xss poc...
WordPress Simple Social Buttons Plugin 2.0.4 < 2.0.22 Privilege Escalation Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
Critical WordPress Plugin Flaw Allows Complete Website Takeover
A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options – and ultimately take over websites. Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plug...