Show filters
50 Total Results
Displaying 21-30 of 50
Sort by:
Attacker Value
Unknown
CVE-2024-31109
Disclosure Date: April 02, 2024 (last updated April 03, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0.
0
Attacker Value
Unknown
CVE-2024-30196
Disclosure Date: March 27, 2024 (last updated January 05, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 9.4.
0
Attacker Value
Unknown
CVE-2024-2721
Disclosure Date: March 20, 2024 (last updated January 05, 2025)
Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0.
0
Attacker Value
Unknown
CVE-2024-1685
Disclosure Date: March 16, 2024 (last updated April 01, 2024)
The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
0
Attacker Value
Unknown
CVE-2023-6878
Disclosure Date: January 11, 2024 (last updated January 19, 2024)
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.
0
Attacker Value
Unknown
CVE-2023-49189
Disclosure Date: December 15, 2023 (last updated December 22, 2023)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12.
0
Attacker Value
Unknown
CVE-2023-5845
Disclosure Date: November 27, 2023 (last updated December 02, 2023)
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags
0
Attacker Value
Unknown
CVE-2023-29428
Disclosure Date: November 10, 2023 (last updated November 16, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions.
0
Attacker Value
Unknown
CVE-2023-5602
Disclosure Date: October 20, 2023 (last updated October 30, 2023)
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
0
Attacker Value
Unknown
CVE-2023-5070
Disclosure Date: October 20, 2023 (last updated October 28, 2023)
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.
0