Lucene search
ZhangyunpeiWPVDB-ID:BA372400-96F7-45A9-9E89-5984ECC4D1E2HistoryDec 07, 2022 - 12:00 a.m.
WP Social Sharing <= 2.2 - Admin+ Stored XSS
2022-12-0700:00:00
zhangyunpei
wpscan.com
10
wordpress
social sharing
xss
admin
stored cross-site scripting
0.001 Low
EPSS
Percentile
23.5%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PoC
1. Go to Settings ยป WP Social Sharing page of the plugin, enter the following payload into the input box named โDefault share imageโ: x" onerror=โalert(/XSS/)โ 2. Click โSave Changesโ and refresh the page to see the XSS popup.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-social-sharing | eq | * |
Related
cve
cve
CVE-2022-4198
2023-01-02 22:15:16
prion
prion
Cross site scripting
2023-01-02 22:15:00
wpexploit
wpexploit
WP Social Sharing <= 2.2 - Admin+ Stored XSS
2022-12-07 00:00:00
nvd
nvd
CVE-2022-4198
2023-01-02 22:15:16
cvelist
cvelist
CVE-2022-4198 WP Social Sharing <= 2.2 - Admin+ Stored XSS
2023-01-02 21:49:15
fedora
fedora
[SECURITY] Fedora 36 Update: OpenImageIO-2.3.21.0-1.fc36
2022-12-31 01:17:01
openvas
openvas
Fedora: Security Advisory for OpenImageIO (FEDORA-2022-e63bc3eca2)
2022-12-31 00:00:00
nessus
nessus
Fedora 36 : OpenImageIO (2022-e63bc3eca2)
2022-12-31 00:00:00
GLSA-202305-33 : OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00
gentoo
gentoo
OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00