Lucene search

PatchstackCVELIST:CVE-2021-36849

HistoryJul 20, 2022 - 6:35 p.m.

CVE-2021-36849 WordPress Social Media Share Buttons plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

2022-07-2018:35:29

CWE-79

Patchstack

www.cve.org

wordpress

social media share buttons

xss

vulnerability

authenticated

rené hermenau

CVSS3

3.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau’s Social Media Share Buttons plugin <= 3.8.1 at WordPress.

CNA Affected

[
  {
    "product": "Social Media Share Buttons | MashShare (WordPress plugin)",
    "vendor": "René Hermenau",
    "versions": [
      {
        "lessThanOrEqual": "3.8.1",
        "status": "affected",
        "version": "<= 3.8.1",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/mashsharer/wordpress-social-media-share-buttons-plugin-3-8-1-authenticated-stored-cross-site-scripting-xss-vulnerability

wordpress.org/plugins/mashsharer/#developers

CVSS3

3.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-36849