cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11252,https://securityvulnerability.io/vulnerability/CVE-2024-11252,Unintentional Cross-Site Scripting Vulnerability in Sassy Social Share Plugin,"The Sassy Social Share plugin for WordPress is subject to a vulnerability stemming from inadequate input sanitization and output escaping techniques. Specifically, the issue resides in the handling of the 'heateor_mastodon_share' parameter, present in all versions up to and including 3.3.69. This vulnerability permits unauthenticated attackers to inject arbitrary web scripts into web pages. If users can be manipulated into interacting with a malicious link, these scripts can execute in their browsers, posing significant security risks to web users and compromising the integrity of sites utilizing the plugin.",Wordpress,Social Sharing Plugin – Sassy Social Share,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-30T05:41:11.487Z,0
CVE-2022-4971,https://securityvulnerability.io/vulnerability/CVE-2022-4971,Reflected Cross-Site Scripting Vulnerability Affects WordPress Users,"The Sassy Social Share plugin for WordPress is susceptible to a Reflected Cross-Site Scripting flaw through the 'urls' parameter during the 'heateor_sss_sharing_count' AJAX action. The vulnerability arises from inadequate input sanitization and output escaping, enabling unauthenticated attackers to inject arbitrary scripts into web pages. If a user interacts with a manipulated element, such as clicking a link, these scripts may execute in their browser context, potentially leading to malicious actions and compromised user data. Users and administrators should ensure they are running the latest version of the plugin to mitigate this risk.",Wordpress,Social Sharing Plugin – Sassy Social Share,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-16T06:43:35.013Z,0
CVE-2024-1989,https://securityvulnerability.io/vulnerability/CVE-2024-1989,Sassy Social Share Plugin Vulnerable to Stored Cross-Site Scripting,"The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Social Sharing Plugin – Sassy Social Share,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-03-06T05:33:24.390Z,0
CVE-2024-1448,https://securityvulnerability.io/vulnerability/CVE-2024-1448,Stored Cross-Site Scripting in Sassy Social Share Plugin for WordPress,"The Sassy Social Share plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate sanitization of user-supplied attributes in its shortcode functionality. This vulnerability can be exploited by authenticated users with contributor-level permissions or higher. Attackers can inject malicious scripts, which will execute whenever a user accesses the affected pages, posing serious security risks to the site's users and data integrity.",Wordpress,Social Sharing Plugin – Sassy Social Share,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2021-24746,https://securityvulnerability.io/vulnerability/CVE-2021-24746,Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting,"The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the ""Enable 'More' icon"" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.",Wordpress,Social Sharing Plugin – Sassy Social Share,6.1,MEDIUM,0.0011699999449774623,false,,false,false,false,,false,false,2022-03-28T17:20:47.000Z,0