Vulnerability Details CVE-2024-10362
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.9%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2024-10362
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:-
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.7.8
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.7.9
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.0
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.1
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.2
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.3
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.4
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.5
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.6
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.7
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.8
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.8.9
-
cpe:2.3:a:inisev:social_media_share_buttons_&_social_sharing_icons:2.9.0