Simple Social Buttons < 3.2.0 - Reflected Cross-Site Scripting
Simple Social Buttons version 3.1.1 has a reflected Cross-Site Scripting vulnerability in the POST parameter "share_counts". Both unauthenticated and authenticated attacks are possible
The original report stated the issue as being fixed in 3.2.0, however a CSRF nonce has been added instead of sanitisation/validation, so could still be used to attack unauthenticated users as they will all have the same nonce. A separate advisory has been created for it.