VYPR

Shareaholic

by Shareaholic

Source repositories

CVEs (2)

  • CVE-2023-4889MedNov 15, 2023
    risk 0.35cvss 6.4epss 0.00

    The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

  • CVE-2014-9311Apr 14, 2015
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.