Headline
CVE-2021-36849: WordPress Social Media Share Buttons plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau’s Social Media Share Buttons plugin <= 3.8.1 at WordPress.
Verified
Not fixed
3.4
CVSS 3.1 score Low severity
Monitoring Coming soon
Vulnerable versions
<= 3.8.1
PSID
cf86e8d15058
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-06-16
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Share Buttons plugin (versions <= 3.8.1).
Solution
No patched version available. No reply from the vendor.
References