CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4451 – Sassy Social Share < 3.3.45 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4451
The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento Social Sharing de WordPress anterior a 3.3.45 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de cross site scripting almacenado que podrían usarse contra usuarios con privilegios elevados, como administradores. The Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous shortcode attributes (such as 'title' and 'width') used in the 'follow_icons_shortcode' and 'sharing_shortcode' functions in versions up to, and including, 3.3.44 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/a28f52a4-fd57-4f46-8983-f34c71ec88d5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24746 – Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24746
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue. El plugin Social Sharing Plugin de WordPress versiones anteriores a 3.3.40, no escapa la URL de la entrada visualizada antes de devolverla en los atributos onclick cuando la opción "Enable "More" icon'" está habilitada (que es la configuración por defecto), conllevando un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39321 – Sassy Social Share 3.3.23 PHP Object Injection
https://notcve.org/view.php?id=CVE-2021-39321
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function. La versión 3.3.23 del plugin Sassy Social Share de WordPress es vulnerable a una inyección de objetos de PHP por medio de la acción AJAX wp_ajax_heateor_sss_import_config debido a una deserialización de entradas no validadas por el usuario por medio de la función import_config que se encuentra en el archivo ~/admin/class-sassy-social-share-admin.php. Esto puede ser explotado por usuarios autenticados no privilegiados debido a una falta de comprobación de capacidades en la función import_config • https://plugins.trac.wordpress.org/changeset/2600464/sassy-social-share/trunk/admin/class-sassy-social-share-admin.php https://www.wordfence.com/blog/2021/10/vulnerability-patched-in-sassy-social-share-plugin https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39321 • CWE-502: Deserialization of Untrusted Data CWE-863: Incorrect Authorization •