Simple Social Media Share Buttons < 3.2.3 - Contributor+ Stored XSS

The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin before 3.2.3 did not escape the align and like_button_size parameters of its SSB shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

WordPress plugin 跨站脚本漏洞

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Simple Social Media Share Buttons Social Sharing for Everyone 3.2.3之前版本存在跨站脚本漏洞，该漏洞源于软件并没有对于其SSB短代码的align和like按钮大小参数进行有效的验证和转义，这可以允许

N/A

N/A