CVE-2024-11252
Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share ParameterThe Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
We have discovered 16,735 live websites that are affected by CVE-2024-11252.
Affected Software
| Product |  Sassy Social Share |
| Category | Wordpress Plugins |
| Vulnerable Domains | 16,735 live websites (100% of Sassy Social Share install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Nov 30, 2024
- Updated - Dec 1, 2024
Credits
- Michael Mazzolini (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-11252 United States | 5,757 websites |
 France | 1,047 websites |
 Italy | 1,001 websites |
 Germany | 920 websites |
 GB | 658 websites |
 Russia | 656 websites |
 India | 567 websites |
 Spain | 555 websites |
 Brazil | 377 websites |
 Poland | 286 websites |
Website Distribution by TLD
Number of websites using CVE-2024-11252| .com | 7,410 websites |
| .ru | 1,243 websites |
| .org | 890 websites |
| .it | 734 websites |
| .net | 431 websites |
| .fr | 335 websites |
| .com.br | 335 websites |
| .co.uk | 265 websites |
| .de | 250 websites |
| .es | 222 websites |
Websites affected by CVE-2024-11252
Top websites that are affected by CVE-2024-11252. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | **,*** | |
| ****************.com | United States | **,*** | |
| ***************.org | United States | **,*** | |
| **********.com | United States | **,*** | |
| *****.app |  Bulgaria | **,*** | |
| ***.***.br | Brazil | **,*** | |
| *************.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| ***.**.th |  Thailand | **,*** | |
| *********.org | United States | **,*** |
FAQ
CVE-2024-11252 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Sassy Social Share
A total of 16,735 websites have been identified as vulnerable to CVE-2024-11252, based on global website indexing conducted by WebTechSurvey.
The Sassy Social Share is affected by the CVE-2024-11252 vulnerability.
Sassy Social Share versions up to and including 3.3.69 are vulnerable to CVE-2024-11252.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3d065c2a-da7d-469a-b57d-f2fd5b760ff4?source=cve
- https://plugins.trac.wordpress.org/browser/sassy-social-share/tags/3.3.69/public/class-sassy-social-share-public.php#L1478
- https://plugins.trac.wordpress.org/browser/sassy-social-share/tags/3.3.69/public/class-sassy-social-share-public.php#L1481