First published: Mon Jan 16 2023
The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Heateor Sassy Social Share | <3.3.45 |
The vulnerability ID for this issue is CVE-2022-4451.
The severity of CVE-2022-4451 is medium with a CVSS score of 5.4.
The Social Sharing WordPress plugin before version 3.3.45 is affected by CVE-2022-4451.
CVE-2022-4451 allows users with low privileges, such as contributors, to perform Stored Cross-Site Scripting attacks.
To fix CVE-2022-4451, update the Social Sharing WordPress plugin to version 3.3.45 or later.
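
The bug class described above (shortcode attributes written back into the page without validation or escaping), shown beside its hardened form. This is an added example, not code from the affected plugin: the `share_demo` shortcode, its `align` and `url` attributes, and all function names are hypothetical, and plain PHP stands in for WordPress so the file runs on its own.

```php
<?php
// Hypothetical [share_demo] shortcode renderer (assumption for illustration only).

const SHARE_DEFAULTS = ['align' => 'left', 'url' => ''];

// Plain-PHP stand-in for WordPress esc_attr().
function h(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: attribute values are concatenated into markup as typed.
function render_share_unsafe(array $atts): string {
    $a = array_merge(SHARE_DEFAULTS, $atts);
    return '<div class="share align-' . $a['align'] . '" data-url="' . $a['url'] . '"></div>';
}

// Hardened pattern: drop unknown keys, validate each value, escape on output.
function render_share_safe(array $atts): string {
    // Keep only known attributes (the job shortcode_atts() does in WordPress).
    $a = array_merge(SHARE_DEFAULTS, array_intersect_key($atts, SHARE_DEFAULTS));

    // Validate: align is an enum, url must use http or https.
    if (!in_array($a['align'], ['left', 'right', 'center'], true)) {
        $a['align'] = SHARE_DEFAULTS['align'];
    }
    $scheme = strtolower((string) parse_url((string) $a['url'], PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $a['url'] = '';
    }

    // Escape: validated values are still encoded for the HTML attribute context.
    return '<div class="share align-' . h($a['align']) . '" data-url="' . h($a['url']) . '"></div>';
}

// Constructed input: attribute values as an author could type them into a post.
$atts = ['align' => 'left" data-injected="1', 'url' => 'https://example.com/?a="b'];

// Print both renderings so the difference in the generated markup is visible.
echo render_share_unsafe($atts), PHP_EOL;
echo render_share_safe($atts), PHP_EOL;
```

Inside WordPress the same three steps map to `shortcode_atts()`, per-attribute validation, and `esc_attr()` / `esc_url()` at the point of output.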