First published: Mon Oct 11 2021
The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title setting before outputting it in frontend pages or posts (depending on the settings used), allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wpbrigade Simple Social Buttons | <3.2.4 | |
CVE-2021-24656 is a vulnerability found in the Simple Social Media Share Buttons WordPress plugin before version 3.2.4.
The severity of CVE-2021-24656 is medium, with a severity value of 4.8.
CVE-2021-24656 affects the Simple Social Media Share Buttons plugin before version 3.2.4.
CVE-2021-24656 falls under CWE category 79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Updating the Simple Social Media Share Buttons plugin to version 3.2.4 or higher will fix CVE-2021-24656.