Lucene search
WpvulndbWPVDB-ID:BEC5273A-8123-4421-9FBE-912D859B63D4HistorySep 26, 2022 - 12:00 a.m.
Social Media Follow Buttons Bar <= 4.73 - Admin+ Stored XSS
2022-09-2600:00:00
wpscan.com
11
social media
follow buttons
plugin
stored xss
xss
security
admin
privilege
user
escaping
sanitisation
multisite
unfiltered html
capability
EPSS
0.001
Percentile
22.7%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Related
prion
prion
Cross site scripting
2022-09-30 17:15:00
cvelist
cvelist
cve
cve
CVE-2021-36839
2022-09-30 17:15:11
nvd
nvd
CVE-2021-36839
2022-09-30 17:15:11
patchstack
patchstack