cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for sassy-social-share

Jun 15, 2025

Social Sharing Plugin – Sassy Social Share # CVE-2025-5528

CVE, Research URL

CVE-2025-5528

Date
Jun 07, 2025
Research Description
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable
Apr 25, 2025

Social Sharing Plugin – Sassy Social Share # CVE-2025-39404

CVE, Research URL

CVE-2025-39404

Date
Apr 24, 2025
Research Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73.
Affected versions
Min -, max -.
Status
vulnerable
Dec 03, 2024

Social Sharing Plugin – Sassy Social Share # CVE-2024-11252

CVE, Research URL

CVE-2024-11252

Date
Nov 30, 2024
Research Description
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable
Oct 18, 2024

Social Sharing Plugin – Sassy Social Share # CVE-2022-4971

CVE, Research URL

CVE-2022-4971

Date
Oct 16, 2024
Research Description
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable
Jul 24, 2024

Social Sharing Plugin – Sassy Social Share # PSC-2024-64505

PSC, Research URL

PSC-2024-64505

Date
-
Research Description
The “Sassy Social Share” plugin, a recipient of the Plugin Security Certification (PSC) from CleanTalk, offers a secure and comprehensive solution for adding social sharing capabilities to WordPress websites. With over 100,000 active installations, this plugin is celebrated for its extensive support of over 100 social sharing and bookmarking services, ensuring a versatile and user-friendly experience for website visitors.
Affected versions
Min -, max -.
Status
SAFE & CERTIFIED
Jun 07, 2024

Social Sharing Plugin – Sassy Social Share # CVE-2021-24746

CVE, Research URL

CVE-2021-24746

Date
Mar 28, 2022
Research Description
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
Affected versions
Min -, max -.
Status
vulnerable

Social Sharing Plugin – Sassy Social Share # CVE-2021-39321

CVE, Research URL

CVE-2021-39321

Date
Oct 22, 2021
Research Description
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.
Affected versions
Min -, max -.
Status
vulnerable

Social Sharing Plugin – Sassy Social Share # CVE-2024-4924

CVE, Research URL

CVE-2024-4924

Date
Jun 12, 2024
Research Description
The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max -.
Status
vulnerable

Social Sharing Plugin – Sassy Social Share # CVE-2022-4451

CVE, Research URL

CVE-2022-4451

Date
Jan 16, 2023
Research Description
The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
Min -, max -.
Status
vulnerable

Social Sharing Plugin – Sassy Social Share # CVE-2024-1448

CVE, Research URL

CVE-2024-1448

Date
Feb 29, 2024
Research Description
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Social Sharing Plugin – Sassy Social Share # CVE-2024-1989

CVE, Research URL

CVE-2024-1989

Date
Mar 06, 2024
Research Description
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Social Sharing Plugin – Sassy Social Share # CVE-2024-2159

CVE, Research URL

CVE-2024-2159

Date
Apr 26, 2024
Research Description
The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max -.
Status
vulnerable