CVE-2021-24656
CVE-2021-24656 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wpbrigade | Simple Social Buttons | < 3.2.4 |
References
- https://wpscan.com/vulnerability/8e897dcc-6e52-440b-83ad-b119c55751c7 (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
