Vulnerabilities and security researches forsimple-share-buttons-adder simple-share-buttons-adder

Jun 06, 2024

PSC, Research URL: PSC-2024-18257
Home page URL: Security reports for Simple Share Buttons Adder
Application: Simple Share Buttons Adder
Date: Aug 05, 2025
Research Description: The “Simple Share Buttons Adder” plugin, version 8.5.1, has earned the esteemed Plugin Security Certification (PSC) from CleanTalk, guaranteeing superior security for its users. This certification represents a crucial achievement in the plugin’s dedication to offering a secure, reliable, and user-friendly solution for adding customizable social share buttons to WordPress websites.
Affected versions: Min 8.5.1, max 8.5.1.
Status: SAFE & CERTIFIED

Jun 07, 2024

CVE, Research URL: CVE-2015-9303
Home page URL: Security reports for Simple Share Buttons Adder
Application: Simple Share Buttons Adder
Date: Aug 12, 2019
Research Description: The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.
Affected versions: max 6.0.1.
Status: vulnerable

CVE, Research URL: CVE-2014-4717
Home page URL: Security reports for Simple Share Buttons Adder
Application: Simple Share Buttons Adder
Date: Jul 03, 2014
Research Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
Affected versions: max 4.5.
Status: vulnerable

CVE, Research URL: CVE-2024-0621
Home page URL: Security reports for Simple Share Buttons Adder
Application: Simple Share Buttons Adder
Date: Feb 29, 2024
Research Description: The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 8.4.12.
Status: vulnerable

CVE, Research URL: CVE-2022-47178
Home page URL: Security reports for Simple Share Buttons Adder
Application: Simple Share Buttons Adder
Date: May 25, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions.
Affected versions: max 4.5.
Status: vulnerable

Jun 17, 2024

CVE, Research URL: CVE-2024-4094
Home page URL: Security reports for Simple Share Buttons Adder
Application: Simple Share Buttons Adder
Date: Jun 18, 2024
Research Description: The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected versions: max 3.5.1.
Status: vulnerable