Vulnerabilities and security researches forshare-this-image share-this-image

Jun 07, 2024

CVE, Research URL: CVE-2017-18015
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: Jan 02, 2018
Research Description: The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.
Affected versions: max 1.67.
Status: vulnerable

CVE, Research URL: CVE-2024-33930
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: May 02, 2024
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97.
Affected versions: max 1.99.
Status: vulnerable

Sep 01, 2024

CVE, Research URL: CVE-2024-8108
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: Aug 31, 2024
Research Description: The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.02.
Status: vulnerable

Sep 06, 2024

CVE, Research URL: CVE-2024-8363
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: Sep 05, 2024
Research Description: The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.03.
Status: vulnerable

Sep 18, 2024

CVE, Research URL: CVE-2024-8761
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: Sep 17, 2024
Research Description: The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Affected versions: max 2.04.
Status: vulnerable

Sep 29, 2024

CVE, Research URL: CVE-2024-47326
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Share This Image allows Reflected XSS.This issue affects Share This Image: from n/a through 2.01.
Affected versions: max 2.02.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.67.
Status: vulnerable

Feb 28, 2026

CVE, Research URL: CVE-2026-25010
Home page URL: Security reports for Share This Image
Application: Share This Image
Date: Feb 03, 2026
Research Description: Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09.
Affected versions: max 2.09.
Status: vulnerable