WordPress Plugin Vulnerabilities

Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting

Description

The plugin does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.

Note: Vendor was notified on September 14th, 2021.

Proof of Concept

https://example.com/any-post/?a"><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
sassy-social-share
Fixed in 3.3.40

References

CVE
CVE-2021-24746

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Paul J. Martinez
Submitter
Paul J. Martinez
Submitter website
https://www.flickerbox.com/
Submitter twitter
pauljmartinez
Verified
Yes
WPVDB ID
99f4fb32-e312-4059-adaf-f4cbaa92d4fa

Timeline

Publicly Published
2022-03-15 (about 2 years ago)
Added
2022-03-15 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)

Other

Published
Title
Published
2023-08-28
Title
Locatoraid Store Locator < 3.9.24 - Reflected XSS
Published
2021-11-25
Title
Awesome Support < 6.0.7 - Reflected Cross-Site Scripting
Published
2015-02-11
Title
Easing Slider <= 2.2.0.6 - 2 x Cross-Site Scripting (XSS)
Published
2021-08-13
Title
Simple Popup Newsletter <= 1.4.7 - Reflected Cross-Site Scripting
Published
2024-03-25
Title
Jetpack < 13.2.1 - Contributor+ Stored XSS