Headline
CVE-2021-36839: WordPress Social Media Follow Buttons Bar plugin <= 4.73 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.
Verified
Not fixed
4.8
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 4.73
PSID
6709934856e1
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-09-27
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Social Media Follow Buttons Bar plugin (versions <= 4.73).
Solution
No patched version is available. No reply from the vendor.
References