VYPR

Sassy Social Share

by WordPress

CVEs (4)

  • CVE-2021-39321HigOct 21, 2021
    risk 0.57cvss 8.8epss 0.02

    Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the…

  • CVE-2024-1989MedMar 6, 2024
    risk 0.42cvss 6.4epss 0.01

    The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user…

  • CVE-2024-1448MedFeb 29, 2024
    risk 0.42cvss 6.4epss 0.00

    The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2022-4971Oct 16, 2024
    risk 0.01cvss epss 0.15

    The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This…