Welcome to WordPress Community Forum. Please login or sign up.

Mar 29, 2024, 10:56 AM

Login with username, password and session length

Shoutbox


Recent

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 6
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 3
  • Total: 3
3 Guests, 0 Users

WordPress Social Media Share Buttons plugin <= 3.8.1 - XSS Vulnerability

Started by Kailash, Jun 16, 2022, 06:22 AM

Previous topic - Next topic

WordPress Premium Themes


Kailash

WordPress Social Media Share Buttons | MashShare plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: Social Media Share Buttons | MashShare
Vulnerable versions: <= 3.8.1
Fixed in: N/A
CVE ID: CVE-2021-36849
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-16

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Share Buttons plugin (versions <= 3.8.1).

Solution

No patched version available hence it is recommended to disable and delete this plugin until an update is available to address this.

Plugin Link: https://wordpress.org/plugins/mashsharer/

WordPress Premium Themes