Vulnerabilities > Shareaholic > Shareaholic
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-15 | CVE-2023-4889 | Cross-site Scripting vulnerability in Shareaholic The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2022-07-25 | CVE-2022-0594 | Incorrect Authorization vulnerability in Shareaholic The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | 5.3 |
2015-04-14 | CVE-2014-9311 | Cross-site Scripting vulnerability in Shareaholic Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php. | 3.5 |