CVE-2022-4835

Name of the Vulnerable Software and Affected Versions Social Sharing Toolkit WordPress plugin versions through 2.6

Description The issue concerns a lack of validation and escaping of some shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. These attacks could be used against high privilege users such as admins.

Recommendations For Social Sharing Toolkit WordPress plugin versions through 2.6, update to a version that properly validates and escapes shortcode attributes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the use of shortcodes by low-privilege users until a patch is available.