CVE-2024-11252
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11252 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Sassy Social Share plugin for WordPress. Versions up to and including 3.3.69 are impacted by this issue. The vulnerability arises due to insufficient input sanitization and output escaping in the heateor_mastodon_share parameter. Unauthenticated attackers can exploit this flaw by tricking users into performing specific actions, such as clicking on a maliciously crafted link, to inject arbitrary web scripts into pages. This can lead to data theft, session hijacking, or other malicious activities. Users are advised to update to the latest version of the plugin to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.