← volver
CVE-2021-24746

Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting

EPSS 2.2%CWE-79
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 2.2%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
28 mar 2022Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
Productos afectados
Unknown · Social Sharing Plugin – Sassy Social Share

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa