Heateor Sassy Social Share

10 matches found

added 2022/03/28 6:15 p.m. | 84 views

CVE-2021-24746

The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.

CVSS 6.1 | AI score 6 | EPSS 0.04002

added 2023/01/16 4:15 p.m. | 77 views

CVE-2022-4451

The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

CVSS 5.4 | AI score 5.3 | EPSS 0.00112

added 2024/04/26 5:15 a.m. | 67 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS 4.7 | AI score 8 | EPSS 0.00249

added 2024/02/29 1:43 a.m. | 57 views

CVE-2024-1448

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

CVSS 6.4 | AI score 6 | EPSS 0.00148

added 2024/06/12 6:15 a.m. | 51 views

CVE-2024-4924

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 6.1 | AI score 5.8 | EPSS 0.00313

added 2021/10/21 8:15 p.m. | 47 views

CVE-2021-39321

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php fil...

CVSS 8.8 | AI score 8.7 | EPSS 0.00874

added 2024/03/06 6:15 a.m. | 45 views

CVE-2024-1989

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such a...

CVSS 6.4 | AI score 6 | EPSS 0.00104

added 2024/10/16 7:15 a.m. | 43 views

CVE-2022-4971

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for ...

CVSS 6.1 | AI score 6 | EPSS 0.00091

added 2025/06/07 12:15 p.m. | 42 views

CVE-2025-5528

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...

CVSS 6.1 | AI score 6 | EPSS 0.00116

added 2024/11/30 6:15 a.m. | 41 views

CVE-2024-11252

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...

CVSS 6.1 | AI score 6 | EPSS 0.27437