← back
CVE-2021-24746

Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting

EPSS 2.2%CWE-79
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 2.2%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
28 Mar 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
Affected products
Unknown · Social Sharing Plugin – Sassy Social Share

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa