VYPR

Social Sharing Plugin

by WordPress

CVEs (5)

  • CVE-2020-5611HigJul 27, 2020
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2024-4924MedJun 12, 2024
    risk 0.40cvss 6.1epss 0.00

    The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2021-24746MedMar 28, 2022
    risk 0.40cvss 6.1epss 0.02

    The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.

  • CVE-2024-3228MedJul 9, 2024
    risk 0.34cvss 5.3epss 0.00

    The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.

  • CVE-2024-2159MedApr 26, 2024
    risk 0.31cvss 4.7epss 0.00

    The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…