CVE-2024-2159
Sassy Social Share < 3.3.61 - Contributor+ Stored XSSThe Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
We have discovered 15,939 live websites that are affected by CVE-2024-2159.
Affected Software
| Product |  Sassy Social Share |
| Category | Wordpress Plugins |
| Vulnerable Domains | 15,939 live websites (33.41% of Sassy Social Share install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 111 versions ( 89.52% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Apr 26, 2024
- Updated - Oct 30, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-2159 usage by Country
 United States | 6,488 websites |
 France | 1,170 websites |
 Germany | 1,140 websites |
 Russia | 562 websites |
 Italy | 524 websites |
 GB | 503 websites |
 Spain | 493 websites |
 Cyprus | 297 websites |
 Brazil | 270 websites |
 Poland | 264 websites |
CVE-2024-2159 usage by TLD
| .com | 7,411 websites |
| .ru | 919 websites |
| .org | 833 websites |
| .it | 452 websites |
| .net | 438 websites |
| .com.br | 344 websites |
| .fr | 322 websites |
| .es | 240 websites |
| .de | 238 websites |
| .co.uk | 230 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2159
Top websites that are affected by CVE-2024-2159. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| *****.app |  Bulgaria | **,*** | |
| *************.com | United States | **,*** | |
| *********.pl | Poland | **,*** | |
| ******.com | United States | **,*** | |
| *****************.com | United States | **,*** | |
| ****.************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| **************.com | United States | **,*** |
FAQ
CVE-2024-2159 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Sassy Social Share
A total of 15,939 websites have been identified as vulnerable to CVE-2024-2159, discovered through global website indexing conducted by WebTechSurvey.
Sassy Social Share is susceptible to CVE-2024-2159 vulnerability.
Sassy Social Share versions before 3.3.61 are vulnerable to CVE-2024-2159.
Version 3.3.61 of Sassy Social Share addresses the CVE-2024-2159 security vulnerability.