Vulnerabilities > Shareaholic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-4889 | Cross-site Scripting vulnerability in Shareaholic The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-04-24 | CVE-2022-41612 | Cross-site Scripting vulnerability in Shareaholic Similar Posts Auth. | 4.8 |
| 2022-07-25 | CVE-2022-0594 | Incorrect Authorization vulnerability in Shareaholic The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | 5.3 |
| 2021-11-08 | CVE-2021-24537 | Unspecified vulnerability in Shareaholic Similar Posts The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin. | 7.2 |