CVE-2021-24746
MEDIUM NUCLEI
WordPress Social Sharing Plugin <3.3.40 - XSS
Title source: llm
Exploitation Summary
CVE-2021-24746 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
Nuclei Templates (1)
WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
MEDIUM, by Supras
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa
Scores
CVSS v3
6.1
EPSS
0.0224
EPSS Percentile
80.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
heateor/sassy_social_share
< 3.3.40
Published
Mar 28, 2022
Tracked Since
Feb 18, 2026