Heateor Social Sharing Plugin Sassy Social Share vulnerabilities

5 known vulnerabilities affecting heateor/social_sharing_plugin_sassy_social_share.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2025-5528MEDIUMCVSS 6.1≤ 3.3.752025-06-07
CVE-2025-5528 [MEDIUM] CWE-79 CVE-2025-5528: The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page
cvelistv5nvd
CVE-2024-11252MEDIUMCVSS 6.1≤ 3.3.692024-11-30
CVE-2024-11252 [MEDIUM] CWE-79 CVE-2024-11252: The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pa
cvelistv5nvd
CVE-2022-4971MEDIUMCVSS 6.1PoC≤ 3.3.32024-10-16
CVE-2022-4971 [MEDIUM] CWE-79 CVE-2022-4971: The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script
cvelistv5nvd
CVE-2024-1989MEDIUMCVSS 5.4≤ 3.3.582024-03-06
CVE-2024-1989 [MEDIUM] CWE-79 CVE-2024-1989: The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Si The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attac
cvelistv5nvd
CVE-2024-1448MEDIUMCVSS 6.4≤ 3.3.562024-02-29
CVE-2024-1448 [MEDIUM] CWE-79 CVE-2024-1448: The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Si The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and
cvelistv5nvd