Sassy Social Share < 3.3.45 – Contributor+ Stored XSS | CVE 2022-4451 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Proof of Concept

Insert the following shortcode in a post/page:

[Sassy_Follow_Icons social_networks="facebook" width='" onmouseover="alert(/XSS/)"']

The XSS will be triggered when previewing/viewing the post/page and moving the Mose over the Facebook icon

Affects Plugins

sassy-social-share

Fixed in 3.3.45

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

a28f52a4-fd57-4f46-8983-f34c71ec88d5

Timeline

Publicly Published

2022-12-27 (about 1 years ago)

Added

2022-12-21 (about 1 years ago)

Last Updated

2022-12-21 (about 1 years ago)

Other

Published

Title

Published

2023-03-21

Title

Userlike – WordPress Live Chat < 2.3 - Admin+ Stored Cross-Site Scripting

Published

2023-07-26

Title

User Email Verification for WooCommerce <= 3.5.0 - Reflected XSS

Published

2023-09-04

Title

WxSync <= 2.7.23 - Contributor+ Stored XSS

Published

2024-04-29

Title

Where Did You Hear About Us Checkout Field for WooCommerce < 1.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

Published

2024-04-26

Title

Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting