Heateor Sassy Social Share — known CVE vulnerabilities
Every CVE whose affected-product data names Heateor Sassy Social Share, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2021-39321 — CVSS 8.8 (high): Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config…
CVE-2024-1989 — CVSS 6.4 (medium): The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-1448 — CVSS 6.4 (medium): The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2025-5528 — CVSS 6.1 (medium): The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the…
CVE-2022-4971 — CVSS 6.1 (medium): The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the…
CVE-2024-11252 — CVSS 6.1 (medium): The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the…
CVE-2024-4924 — CVSS 6.1 (medium): The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high…
CVE-2021-24746 — CVSS 6.1 (medium): The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick…
CVE-2022-4451 — CVSS 5.4 (medium): The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back…
CVE-2024-2159 — CVSS 4.7 (medium): The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting…