Vulnerabilities and security researches forscriptless-social-sharing scriptless-social-sharing

Jun 06, 2024

CVE, Research URL: CVE-2023-0377
Home page URL: Security reports for Scriptless Social Sharing
Application: Scriptless Social Sharing
Date: Mar 06, 2023
Research Description: The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions: Min -, max -.
Status: vulnerable

Apr 18, 2025

CVE, Research URL: CVE-2025-39529
Home page URL: Security reports for Scriptless Social Sharing
Application: Scriptless Social Sharing
Date: Apr 16, 2025
Research Description: Scriptless Social Sharing [scriptless-social-sharing] < 3.3.0 CVE-2025-39529 [en] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin Cornett Scriptless Social Sharing allows Stored XSS. This issue affects Scriptless Social Sharing: from n/a through 3.2.4.
Affected versions: Min -, max -.
Status: vulnerable