Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total8
Critical0
High1
Medium7
Reset
Showing 1-8 of 8 records
Threat Entry Updated 2025-07-14

CVE-2025-5528 - Sassy Social Share Plugin

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.

PLUGIN Sassy Social Share

CVE-2025-5528

MEDIUM CVSS 6.1 2025-06-07
Open Full Technical Breakdown
Threat Entry Updated 2025-07-09

CVE-2024-11252 - Sassy Social Share Plugin

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Sassy Social Share

CVE-2024-11252

MEDIUM CVSS 6.1 2024-11-30
Open Full Technical Breakdown
Threat Entry Updated 2025-05-30

CVE-2024-4924 - Sassy Social Share Plugin

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Sassy Social Share

CVE-2024-4924

MEDIUM CVSS 6.1 2024-06-12
Open Full Technical Breakdown
Threat Entry Updated 2025-05-08

CVE-2024-2159 - Sassy Social Share Plugin

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

PLUGIN Sassy Social Share

CVE-2024-2159

MEDIUM CVSS 4.7 2024-04-26
Open Full Technical Breakdown
Threat Entry Updated 2025-03-11

CVE-2024-1989 - Sassy Social Share Plugin

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Sassy Social Share

CVE-2024-1989

MEDIUM CVSS 6.4 2024-03-06
Open Full Technical Breakdown
Threat Entry Updated 2025-01-08

CVE-2024-1448 - Sassy Social Share Plugin

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Sassy Social Share

CVE-2024-1448

MEDIUM CVSS 6.4 2024-02-29
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24746 - Sassy Social Share Plugin

The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.

PLUGIN Sassy Social Share

CVE-2021-24746

MEDIUM CVSS 6.1 2022-03-28
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-39321 - Sassy Social Share Plugin

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.

PLUGIN Sassy Social Share

CVE-2021-39321

HIGH CVSS 8.8 2021-10-21
Open Full Technical Breakdown
Scroll to top