WordPress Plugin Vulnerabilities

Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting

Description

The plugin does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload <svg onload=alert(/XSS/)> in the Share Title settings of the plugin (with at least one Social Buttons Designs enabled)

The XSS will be triggered depending on the Post type Settings selected (like just homepage, posts, pages etc)

Affects Plugins

Plugin icon
simple-social-buttons
Fixed in 3.2.4

References

CVE
CVE-2021-24656
URL
https://www.hackpertise.com/cve/17-cve-2021-24656/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Asif Nawaz Minhas
Submitter
Asif Nawaz Minhas
Verified
Yes
WPVDB ID
8e897dcc-6e52-440b-83ad-b119c55751c7

Timeline

Publicly Published
2021-09-13 (about 2 years ago)
Added
2021-09-13 (about 2 years ago)
Last Updated
2023-04-12 (about 1 years ago)

Other

Published
Title
Published
2024-04-25
Title
Easy Set Favicon <= 1.1 - Reflected Cross-Site Scripting
Published
2024-03-22
Title
EmbedPress < 3.9.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute
Published
2023-10-25
Title
VK Filter Search < 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2017-11-08
Title
Ultimate Instagram Feed <= 1.3 - Authenticated Cross-Site Scripting (XSS)
Published
2024-03-25
Title
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin < 1.26.3 - Authenticated (Contributor+) Stored Cross-Site Scripting