The Simple Share Buttons Adder plugin is a widely used tool for adding social sharing buttons to WordPress sites, with numerous active installations across the globe. While it offers a straightforward way to enhance website functionality, a critical vulnerability has been discovered that could jeopardize the security of websites using this plugin. Identified as CVE-2024-4094, this vulnerability allows for Stored Cross-Site Scripting (XSS) attacks, which can lead to serious security breaches, including the creation of backdoors for account takeovers.

PluginSimple Share Buttons Adder < 8.5.1
All Time4 117 662
Active installations60 000+
Publicly PublishedJune 9, 2024
Last UpdatedJune 9, 2024
ResearcherDmtirii Ignatyev
OWASP TOP-10A7: Cross-Site Scripting (XSS)
Plugin Security Certification by CleanTalk
Logo of the plugin


April 10, 2024Plugin testing and vulnerability detection in the Simple Share Buttons Adder have been completed
April 10, 2024I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
June 9, 2024Registered CVE-2024-4924

Discovery of the Vulnerability

The vulnerability was uncovered during a routine security assessment of the Simple Share Buttons Adder plugin. Researcher found that by leveraging the “Additional CSS” field in the plugin’s settings, an attacker with editor privileges could inject malicious JavaScript code. This malicious code can then execute arbitrary actions, such as taking over administrator accounts or creating persistent backdoors.

Understanding of Stored XSS attack’s

Cross-Site Scripting (XSS) is a common web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. In the context of WordPress, Stored XSS vulnerabilities are particularly dangerous because they allow attackers to embed harmful scripts that execute whenever a user interacts with the compromised element.

For example, consider a scenario where an attacker injects a script into a WordPress post’s content. Every time an admin or user views that post, the script executes, potentially stealing cookies, session tokens, or even modifying the site content to include more malicious code.

Exploiting the Stored XSS Vulnerability

To exploit this vulnerability, an attacker with editor privileges can navigate to the plugin’s settings and modify the “Additional CSS” field. By inserting a payload such as 123"></style><img src=x onerror=alert(1)>, the attacker can inject JavaScript that will execute whenever the settings are viewed or applied.


You should go to settings of the plugin. Change “Additional CSS” field to (123″></style><img src=x onerror=alert(1)>) -> Save Settings (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)


The implications of this vulnerability are severe. If exploited, attackers could:

  • Take over admin accounts, gaining full control over the website.
  • Inject persistent backdoors, allowing them to regain access even after initial remediation efforts.
  • Execute arbitrary actions on behalf of administrators, including modifying content, installing plugins, or altering site configurations.

In a real-world scenario, this could lead to significant data breaches, defacement of websites, or even the complete loss of control over a WordPress site. Attackers could use the compromised sites as part of larger botnets or to distribute malware to visitors.

Recommendations for Improved Security

To mitigate the risks associated with CVE-2024-4094, website administrators should:

  • Immediately update the Simple Share Buttons Adder plugin to the latest version that addresses this vulnerability.
  • Regularly review and audit user roles and permissions to ensure that only trusted individuals have editor or higher privileges.
  • Implement a Web Application Firewall (WAF) to filter and block malicious traffic.
  • Use security plugins that offer XSS protection and monitor for unusual activities.

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-4094, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.

#WordPressSecurity #StoredXSS #WebsiteSafety #StayProtected #VeryHighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2024-4094 – Simple Share Buttons Adder – Stored XSS to backdoor creation – POC

Leave a Reply

Your email address will not be published. Required fields are marked *