2 matches found
CVE-2024-4094
CVE-2024-4094 affects the WordPress plugin Simple Share Buttons Adder (before 8.5.1). The issue arises because the plugin does not sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins/editors). Impact is an authenticated admin-level stored cross-site scripti...
CVE-2014-4717
CVE-2014-4717 affects the WordPress plugin “Simple Share Buttons Adder” (versions prior to 4.5). The issue comprises multiple CSRF vulnerabilities that allow remote attackers to hijack administrator sessions and trigger stored XSS via the ssba_share_text parameter in a save action to wp-admin/opt...