The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
History

Fri, 01 Nov 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Maxfoundry
Maxfoundry social Share Buttons
CPEs cpe:2.3:a:maxfoundry:social_share_buttons:*:*:*:*:*:wordpress:*:*
Vendors & Products Maxfoundry
Maxfoundry social Share Buttons

Sun, 20 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 19 Oct 2024 03:30:00 +0000

Type Values Removed Values Added
Description The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Title WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-10-19T03:09:51.461Z

Updated: 2024-10-20T13:41:56.394Z

Reserved: 2024-09-26T17:01:17.111Z

Link: CVE-2024-9219

cve-icon Vulnrichment

Updated: 2024-10-20T13:41:17.285Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-19T04:15:05.560

Modified: 2024-11-01T17:30:52.750

Link: CVE-2024-9219

cve-icon Redhat

No data.