Monitor free

Report

New Known

Verified

Fixed

WordPress Social Media Share Buttons plugin <= 3.8.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

3.4

CVSS 3.1 score Low severity

Report

Monitoring Not reported to be exploited

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Social Media Share Buttons

Type

Plugin

Vulnerable versions

<= 3.8.4

Fixed in

3.8.5

PSID

cf86e8d15058

CVE ID

CVE-2021-36849

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Required privilege

Requires high role user authentication like admin.

Credits

Asif Nawaz Minhas (Patchstack Alliance)

Publicly disclosed

2022-06-16

Patchstack vPatch available since

09.12.2021

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Share Buttons plugin (versions <= 3.8.4).

Solution

Update the WordPress Social Media Share Buttons plugin to the latest available version (at least 3.8.5).

References