CVE-2021-24746

MEDIUM NUCLEI

WordPress Social Sharing Plugin <3.3.40 - XSS

Title source: llm

Description

The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.

Nuclei Templates (1)

WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting

MEDIUMby Supras

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa

Scores

CVSS v3 6.1

EPSS 0.0226

EPSS Percentile 84.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

heateor/sassy_social_share < 3.3.40

Published Mar 28, 2022

Tracked Since Feb 18, 2026