Heateor Sassy_social_share

10 CVEs affecting Heateor Sassy_social_share. Latest disclosed: 2025-06-07. Critical: 0, High: 1.

Top CVEs affecting Heateor Sassy_social_share
CVESeverityScorePublishedSummary
CVE-2021-39321High8.82021-10-21Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to de…
CVE-2024-1989Medium6.42024-03-06The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcod…
CVE-2024-1448Medium6.42024-02-29The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions…
CVE-2025-5528Medium6.12025-06-07The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in…
CVE-2024-11252Medium6.12024-11-30The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in…
CVE-2022-4971Medium6.12024-10-16The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count'…
CVE-2024-4924Medium6.12024-06-12The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as adm…
CVE-2021-24746Medium6.12022-03-28The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable '…
CVE-2022-4451Medium5.42023-01-16The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which…
CVE-2024-2159Medium4.72024-04-26The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/p…