VulnerAlert



WORDPRESS
07-06-2025 09:20

CVE-2025-5528 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#site
#plugin
#cross
#web
#form
#cross-site
#cross-site scripting
#attackers
#authenticated
#arbitrary
#vulnerable
#scripting
#inject
#execute
#attack
Descripción
The Social Sharing Plugin – Sassy Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due insufficient input sanitization output escaping. This makes it possible unauthenticated attackers inject arbitrary web scripts pages that execute if they can successfully trick a user into performing an action, such as clicking on link.
https://plugins.trac.wordpress.org/browser/sassy-social-share/tags/3.3.75/public/class-sassy-social-share-public.php#L1481
https://www.wordfence.com/threat-intel/vulnerabilities/id/99e922ec-d40a-47e7-a10f-d966a351d182?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-5528
Resultados similares
Coincidentes en almenos en 50% de los tags
07-06-2025 CVE-2025-5568
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pa...
Ver información
07-06-2025 CVE-2024-9994
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooComm...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por