Sassy Social Share < 3.3.61 – Contributor+ Stored XSS | CVE 2024-2159 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor, put the below shortcode in a post, preview it and move the mouse over Pinterest icon in the the right bar to trigger the XSS

[Sassy_Social_Share type="floating" url='http://mywebsite.com/example.php"onmouseover="alert(1123123)"' align="right"]

Affects Plugins

sassy-social-share

Fixed in 3.3.61

References

CVE

URL

https://research.cleantalk.org/cve-2024-2159/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

d7fa9849-c82a-4efd-84b6-9245053975ba

Timeline

Publicly Published

2024-04-05 (about 1 months ago)

Added

2024-04-05 (about 1 months ago)

Last Updated

2024-04-25 (about 25 days ago)

Other

Published

Title

Published

2022-08-01

Title

Social Slider Feed < 2.0.5 - Reflected Cross-Site Scripting

Published

2012-05-04

Title

Redirection < 2.2.12 - XSS

Published

2014-08-01

Title

WP App Maker 1.0.16.4 - icons-launcher.php uid Parameter Reflected XSS

Published

2017-02-20

Title

rockhoist-badges 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2023-09-22

Title

Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Stored XSS