CVE-2024-12807
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Jan 28, 2025
Summary
CVE-2024-12807 affects the Social Share Buttons for WordPress plugin before version 2.8. The plugin fails to sanitize and escape certain settings, which allows high-privilege users, including admins, to carry out Stored Cross-Site Scripting (XSS) attacks that bypass the unfiltered_html capability restriction, even in multisite setups. This enables attackers to inject malicious scripts into the website, posing a significant security risk.