CVE-2021-24656: XSS
First published: Mon Oct 11 2021(Updated: )
The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpbrigade Simple Social Buttons | <3.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24656?
CVE-2021-24656 is a vulnerability found in the Simple Social Media Share Buttons WordPress plugin before version 3.2.4.
What is the severity of CVE-2021-24656?
The severity of CVE-2021-24656 is medium, with a severity value of 4.8.
How does CVE-2021-24656 affect the affected software?
CVE-2021-24656 affects the Simple Social Media Share Buttons plugin before version 3.2.4.
What is the CWE category of CVE-2021-24656?
CVE-2021-24656 falls under CWE category 79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Is there a fix for CVE-2021-24656?
Yes, updating the Simple Social Media Share Buttons plugin to version 3.2.4 or higher will fix CVE-2021-24656.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- vendor/wpbrigade
- canonical/wpbrigade simple social buttons