Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting | CVE 2024-4924

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Go to the plugin's settings.
2. Change "Right offset" field to: 123;alert(1);//
3. Save settings.

Affects Plugins

sassy-social-share

Fixed in 3.3.63

References

CVE

CVE-2024-4924

URL

https://research.cleantalk.org/cve-2024-4924/

YouTube Video

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

1867505f-d112-4919-9fd5-01745aa0433e

Timeline

Publicly Published

2024-05-22 (about 1 months ago)

Added

2024-05-22 (about 1 months ago)

Last Updated

2024-05-22 (about 1 months ago)

Other

Published

Title

Published

2024-05-06

Title

Corona Virus (COVID-19) Banner & Live Data <= 1.8.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2022-06-21

Title

CDI < 5.1.9 - Reflected Cross-Site-Scripting

Published

2023-03-14

Title

Tags Cloud Manager <= 1.0.0 - Reflected XSS

Published

2021-06-13

Title

WP DoNotTrack <= 0.8.8 - Authenticated (admin+) Stored XSS

Published

2020-12-12

Title

Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting