wpexploit | Lana Codes | WPEX-ID: A28F52A4-FD57-4F46-8983-F34C71EC88D5
Published: Dec 27, 2022

Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

Tags: sassy social share, stored xss, shortcode, facebook icon, exploit

EPSS: 0.001 (Low), percentile 23.5%

The plugin does not validate or escape some of its shortcode attributes before outputting them back into the page. Because the HTML is generated server-side by the plugin, a user with a role as low as Contributor (who cannot post raw HTML or script themselves) can store a Cross-Site Scripting payload inside a shortcode attribute; it then executes in the browser of anyone who views or previews the post, including high-privilege users such as admins reviewing the submission.

Insert the following shortcode in a post/page:

[Sassy_Follow_Icons social_networks="facebook" width='" onmouseover="alert(/XSS/)"']

The XSS is triggered when previewing/viewing the post/page and moving the mouse over the Facebook icon.
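The following is an added illustration, not code from the Sassy Social Share plugin or from this advisory. It models the bug class: a shortcode handler that interpolates the `width` attribute into an HTML attribute verbatim, beside a hardened handler that casts `width` to an integer and passes every other attribute through `esc_attr()`. The handler names, the output markup, and the way `width` lands in a `style` attribute are assumptions; the real plugin's markup is not reproduced here. Stubs for `shortcode_atts()` and `esc_attr()` are defined only when WordPress is not loaded, so the file runs under plain `php` from the command line.

```php
<?php
// Added example, not plugin code. Demonstrates why the PoC shortcode
//   [Sassy_Follow_Icons social_networks="facebook" width='" onmouseover="alert(/XSS/)"']
// breaks out of an attribute when the value is echoed unescaped, and what the fix looks like.

// Minimal stand-ins for the WordPress helpers so this runs outside WordPress.
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $defaults, array $atts): array {
        // Keep only the keys the handler declares, falling back to defaults.
        return array_merge($defaults, array_intersect_key($atts, $defaults));
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        // WordPress's esc_attr() also encodes quotes; htmlspecialchars with ENT_QUOTES is the closest stock equivalent.
        return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

function parse_networks(string $list): array {
    // "facebook, twitter" -> ['facebook', 'twitter']
    return array_values(array_filter(array_map('trim', explode(',', $list))));
}

// VULNERABLE (assumed shape): $a['width'] is concatenated straight into the style attribute.
function render_follow_icons_vulnerable(array $atts): string {
    $a = shortcode_atts(['social_networks' => '', 'width' => '40'], $atts);
    $html = '';
    foreach (parse_networks($a['social_networks']) as $network) {
        $html .= '<a class="ss-follow ' . $network . '" style="width:' . $a['width'] . 'px"></a>';
    }
    return $html;
}

// HARDENED: numeric attributes are validated to an integer, string attributes are escaped for attribute context.
function render_follow_icons_fixed(array $atts): string {
    $a = shortcode_atts(['social_networks' => '', 'width' => '40'], $atts);
    $width = (int) $a['width'];          // '" onmouseover="...' casts to 0
    if ($width <= 0) {
        $width = 40;                     // fall back to the default on junk input
    }
    $html = '';
    foreach (parse_networks($a['social_networks']) as $network) {
        $html .= '<a class="ss-follow ' . esc_attr($network) . '" style="width:' . $width . 'px"></a>';
    }
    return $html;
}

// Constructed input: the attribute array WordPress's shortcode parser would hand to the
// handler for the PoC shortcode (the single quotes around the width value are consumed by the parser).
$poc = [
    'social_networks' => 'facebook',
    'width'           => '" onmouseover="alert(/XSS/)"',
];

echo "vulnerable: ", render_follow_icons_vulnerable($poc), PHP_EOL;
// -> <a class="ss-follow facebook" style="width:" onmouseover="alert(/XSS/)"px"></a>
//    the style attribute is closed early and an onmouseover handler is injected.

echo "fixed:      ", render_follow_icons_fixed($poc), PHP_EOL;
// -> <a class="ss-follow facebook" style="width:40px"></a>
```

Two points for anyone triaging this on a live site: the check that matters is in the plugin's output path, not in the editor, because Contributors are already blocked from raw HTML by `unfiltered_html`, and the bypass exists only because the plugin itself builds the markup. For an upgrade decision, the advisory's own boundary is the one to apply: versions below 3.3.45 are affected.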
