Sharethis: Security Vulnerabilities, CVEs (XSS)
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4.
Max CVSS: 4.8
EPSS Score: 0.05%
Published: 2022-04-11
Updated: 2022-04-15
The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged-in administrator.
Max CVSS: 6.1
EPSS Score: 0.10%
Published: 2021-08-30
Updated: 2021-09-08
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Max CVSS: 6.8
EPSS Score: 0.48%
Published: 2014-07-03
Updated: 2022-11-15
3 vulnerabilities found