The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Share-this-image
Share-this-image share This Image |
|
CPEs | cpe:2.3:a:share-this-image:share_this_image:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Share-this-image
Share-this-image share This Image |
Thu, 05 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mihail Barinov
Mihail Barinov share This Image |
|
CPEs | cpe:2.3:a:mihail_barinov:share_this_image:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mihail Barinov
Mihail Barinov share This Image |
|
Metrics |
ssvc
|
Thu, 05 Sep 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode | |
Weaknesses | CWE-79 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-05T08:30:09.466Z
Updated: 2024-09-05T19:51:37.355Z
Reserved: 2024-08-30T22:27:35.051Z
Link: CVE-2024-8363
Vulnrichment
Updated: 2024-09-05T19:51:05.289Z
NVD
Status : Analyzed
Published: 2024-09-05T09:15:04.620
Modified: 2024-09-11T16:35:05.653
Link: CVE-2024-8363
Redhat
No data.