Heateor Sassy_social_share
10 CVEs affecting Heateor Sassy_social_share. Latest disclosed: 2025-06-07. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-39321 | High | 8.8 | 2021-10-21 | Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to de… |
CVE-2024-1989 | Medium | 6.4 | 2024-03-06 | The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcod… |
CVE-2024-1448 | Medium | 6.4 | 2024-02-29 | The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions… |
CVE-2025-5528 | Medium | 6.1 | 2025-06-07 | The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in… |
CVE-2024-11252 | Medium | 6.1 | 2024-11-30 | The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in… |
CVE-2022-4971 | Medium | 6.1 | 2024-10-16 | The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count'… |
CVE-2024-4924 | Medium | 6.1 | 2024-06-12 | The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as adm… |
CVE-2021-24746 | Medium | 6.1 | 2022-03-28 | The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable '… |
CVE-2022-4451 | Medium | 5.4 | 2023-01-16 | The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which… |
CVE-2024-2159 | Medium | 4.7 | 2024-04-26 | The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/p… |