WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Proof of Concept

Insert the following shortcode in a post/page:

[Sassy_Follow_Icons social_networks="facebook" width='" onmouseover="alert(/XSS/)"']

The XSS will be triggered when previewing/viewing the post/page and moving the Mose over the Facebook icon

Affects Plugins

sassy-social-share
Fixed in version 3.3.45

References

CVE
CVE-2022-4451

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified

Yes

WPVDB ID
a28f52a4-fd57-4f46-8983-f34c71ec88d5

Timeline

Publicly Published

2022-12-27 (about 1 months ago)

Added

2022-12-21 (about 1 months ago)

Last Updated

2022-12-21 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin