CVE-2021-24656
Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting
The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Productos afectados
Unknown · Simple Social Media Share Buttons – Social Sharing for Everyone¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →