WordPress · Social Sharing Plugin · CVE-2021-24746
**Name of the Vulnerable Software and Affected Versions**
Social Sharing Plugin WordPress plugin versions prior to 3.3.40
**Description**
The issue is related to a Reflected Cross-Site Scripting problem. It occurs when the "Enable 'More' icon" option is enabled, which is the default setting. The problem arises because the viewed post URL is not properly escaped before being outputted back in onclick attributes.
**Recommendations**
For versions prior to 3.3.40, update to version 3.3.40 or later to resolve the issue.