The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-10-11T10:45:36

Updated: 2024-08-03T19:35:20.407Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24656

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-11T11:15:08.957

Modified: 2024-11-21T05:53:30.220

Link: CVE-2021-24656

cve-icon Redhat

No data.