CVE-2021-24746

nvd nist nuclei

Published: Mar 28, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.

Affected (1)

Products: Heateor: Sassy Social Share

1 product

Sassy Social Share

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Heateor Sassy Social Share	Before 3.3.40

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.