CVE-2021-24656

Name of the Vulnerable Software and Affected Versions Simple Social Media Share Buttons WordPress plugin versions prior to 3.2.4

Description The issue allows high privilege users to perform Cross-Site Scripting attacks. This is due to the plugin not escaping the Share Title settings before outputting it in the frontend pages or posts, depending on the settings used. This issue can be exploited even when the unfiltered html capability is disallowed.

Recommendations For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Share Title settings to minimize the risk of exploitation.