CVE-2022-4971
published 2024-10-16CVE-2022-4971: The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count'…
PriorityP276medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
15.44%
96.4th percentile
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| heateor | sassy_social_share | <= 3.3.3 | — |
| heateor | social_sharing_plugin_sassy_social_share | <= 3.3.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for unauthenticated POST/GET requests to WordPress AJAX endpoint (wp-admin/admin-ajax.php) with action=heateor_sss_sharing_count and a 'urls' parameter containing script injection payloads. ↗
- →Nuclei template fingerprints exploitation by checking response body for 'facebook_urls":' and content-type text/html with HTTP 200, indicating successful XSS payload reflection.
- ·Vulnerability affects Sassy Social Share plugin versions up to and including 3.3.3 only; patched versions are not affected. ↗
- ·The attack is unauthenticated and requires social engineering (tricking a user into clicking a crafted link) to trigger the reflected XSS. ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2pwc-9576-pf85: The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_shari
ghsa_unreviewed·2024-10-16
CVE-2022-4971 [MEDIUM] CWE-79 GHSA-2pwc-9576-pf85: The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_shari
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
VulnCheck
Sassy Social Share plugin for WordPress heateor_sss_sharing_count AJAX Action Vulnerability
vulncheck·2022·CVSS 6.1
CVE-2022-4971 [MEDIUM] Sassy Social Share plugin for WordPress heateor_sss_sharing_count AJAX Action Vulnerability
Sassy Social Share plugin for WordPress heateor_sss_sharing_count AJAX Action Vulnerability
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected: Team Heateor Sassy Social Share plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation R
No detection rules found.
Nuclei
Sassy Social Share <= 3.3.3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-4971 [MEDIUM] Sassy Social Share <= 3.3.3 - Cross-Site Scripting
Sassy Social Share ]= HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body_2, "facebook_urls\":", "")'
- 'contains(content_type_2, "text/html")'
- 'status_code_2 == 200'
condition: and
# digest: 490a004630440220219e61ba3fc1703f60b1e19335c7c1fa159dab7d6b1022968bbdaadebfd7d23b02202d3b4f19421db71d34cb7e022bbc1338b1ef2201585e10606a7d764627bff622:922c64590222798bb761d5b6d8e72950
2024-10-16
Published
Exploited in the wild