Vulnerability | WordPress.org

Resolved Celestial Petals
(@celestial-petals)

8 months, 2 weeks ago

The Scriptless Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Will there an update providing a fix for this?

Viewing 2 replies - 1 through 2 (of 2 total)

Chad Warner
(@chad-warner)

8 months, 2 weeks ago

There are other support threads about this. Unfortunately, the plugin author hasn’t replied for two weeks.

https://wordpress.org/support/topic/3-3-0-still-vulnerable/

https://wordpress.org/support/topic/vulnerability-found-by-wordfence-2/

https://wordpress.org/support/topic/xxs-vulnerability/

Plugin Author Robin Cornett
(@littlerchicken)

8 months, 1 week ago

My apologies for the delay. I’ve just released 3.3.1 with a confirmed fix.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Vulnerability’ is closed to new replies.

Tags

xss

3 replies
3 participants
Last reply from: Robin Cornett
Last activity: 8 months, 1 week ago
Status: resolved