WordPress Social Media Share Buttons plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Vulnerable versions
<= 3.8.1
PSID
cf86e8d15058
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-06-16
Patchstack vPatch available since
09.12.2021
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Share Buttons plugin (versions <= 3.8.1).
Solution
No patched version available. No reply from the vendor.
References