The AddToAny Share Buttons WordPress plugin prior to 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
addtoany addtoany share buttons |