First published: Mon Mar 28 2022
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Heateor Sassy Social Share | <3.3.40 | |
CVE-2021-24746 is a vulnerability in the Social Sharing Plugin WordPress plugin before version 3.3.40 that allows for a Reflected Cross-Site Scripting (XSS) attack.
The severity of CVE-2021-24746 is medium with a CVSS score of 6.1.
CVE-2021-24746 affects the Social Sharing Plugin WordPress plugin versions up to and excluding 3.3.40.
To fix CVE-2021-24746, update the Social Sharing Plugin WordPress plugin to version 3.3.40 or later.
Reflected Cross-Site Scripting (XSS) is a type of security vulnerability in which a malicious script supplied in a request is echoed back in the website's response and then executed by the victim's browser.
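
The flaw described above (a post URL written into an `onclick` attribute without escaping) comes down to two nested output contexts: a JavaScript string literal inside an HTML attribute value. The following is an added example, not the plugin's code; `share_more()`, the render functions and the sample URL are hypothetical and constructed for illustration.

```php
<?php
// Added example, not the plugin's code. share_more() is a hypothetical handler.

// Constructed sample: a request URL whose query string contains a single quote.
$post_url = "https://blog.example/post/?ref=news'letter";

// Pattern the advisory describes: the URL is concatenated into an onclick
// attribute with no escaping, so a quote in it ends the JavaScript string.
function render_unsafe(string $url): string {
    return '<a href="#" onclick="share_more(\'' . $url . '\')">More</a>';
}

// Hardened pattern: encode for the inner context first (JavaScript string
// literal), then for the outer one (HTML attribute value).
function render_safe(string $url): string {
    // json_encode() emits a quoted JS string; the JSON_HEX_* flags turn
    // ' " < > & inside the value into \uXXXX escapes so none of them can
    // terminate the literal or survive HTML decoding as markup.
    $js = json_encode(
        $url,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_UNESCAPED_SLASHES
    );
    $handler = 'share_more(' . $js . ')';
    // The delimiting double quotes from json_encode() become &quot; here.
    $attr = htmlspecialchars($handler, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="#" onclick="' . $attr . '">More</a>';
}

// The browser HTML-decodes the attribute value before running it as script.
// This helper reproduces that step so the resulting handler source is visible.
function handler_as_browser_sees_it(string $html): string {
    preg_match('/onclick="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Unsafe: the quote from the URL closes the string early.
echo handler_as_browser_sees_it(render_unsafe($post_url)), PHP_EOL;
// Safe: the whole URL stays inside one string literal.
echo handler_as_browser_sees_it(render_safe($post_url)), PHP_EOL;
```

Inside WordPress itself, core provides `esc_js()` for text echoed into inline JavaScript such as an `onclick` attribute.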