CVE-2021-24568

CVE-2021-24568: AddToAny < 1.7.46 - Authenticated Stored XSS

Vendor Unknown

Product AddToAny Share Buttons

Weakness CWE-79 · XSS

Published September 6, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

September 6, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24568

Related vulnerabilities

04Related CVE

CVE-2024-53772 WordPress Mail Picker plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability CVE-2022-1567 WP JS <= 2.0.6 - Reflected Cross-Site Scripting CVE-2022-2065 Cross-site Scripting (XSS) - Stored in neorazorx/facturascripts CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy CVE-2024-37248 WordPress Anima theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability