CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

PhoneGap / Cordova Social Sharing plugin 安全漏洞

PhoneGap / Cordova Social Sharing plugin is a text file sharing plugin by Eddy Verbruggen Personal Developer. A security vulnerability exists in the PhoneGap / Cordova Social Sharing plugin version 6.0.4, which stems from the exported broadcast receiver not checking if Intent.EXTRACHOSENCOMPONENT...

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

CVE-2025-62722

CVE-2025-62722 concerns LinkAce, a self-hosted archive for collecting website links. The vulnerability is a Stored XSS in the social media sharing feature, arising from insufficient validation of the title field. Affected versions are 2.3.1 and earlier; when a user views a link’s details page and...

CVE-2025-62722 LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

LinkAce 跨站脚本漏洞

LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...

Digital Threat Modeling Under Authoritarianism

Today's world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments...

CVE-2024-53745

CVE-2024-53745 : WordPress plugin “소셜 공유 버튼 By 코스모스팜” (Cosmosfarm social share buttons) contains a Stored XSS due to improper neutralization of input during web page generation. Affected: Cosmosfarm social share button plugin (WordPress) versions n/a through 1.9. Impact as stated: cross-site scri...

CVE-2024-9704

The Social Sharing by Danny plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvksocialsharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2024-9704

CVE-2024-9704 refers to the WordPress Social Sharing (by Danny) plugin, vulnerable up to version 1.3.7. Root cause: insufficient input sanitization and output escaping on the dvk_social_sharing shortcode, enabling stored XSS. Impact: authenticated users with contributor-level access and above can...

CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure

The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts...

CVE-2024-5449 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing < 5.0.5 - Missing Authorization

Description The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up...

CVE-2023-47683 WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn allows Privilege Escalation.This issue affects WordPress Social Login and Register Discord, Google, Twitter, LinkedIn: from n/a through 7.6.6...

Cross site scripting

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

PT-2024-18971 · WordPress · Social Sharing Plugin

Name of the Vulnerable Software and Affected Versions: The Social Sharing Plugin WordPress plugin versions prior to 3.3.61 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform Stor...

DRUPAL-CONTRIB-2023-018

This module provides social media share & follow buttons. The module doesn't sufficiently check access to a node when retrieving the label of an AddToAny block. This vulnerability is mitigated by the fact it requires the node ID to be passed via the route, requiring another module or specific...

DRUPAL-CONTRIB-2023-006

This module enables you to add social sharing buttons to a site. The module doesn't sufficiently sanitize the weight and ratio values entered in the module or block configuration. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks"...

SUSE CVE-2022-4198

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...