CVE-2024-8108

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8108
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=cve Third Party Advisory
https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/class-sti-gutenberg-init.php#L127 Issue Tracking
https://wordpress.org/plugins/share-this-image/#developers Product
https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/sti-gutenberg-buttons.js#L42 Issue Tracking
https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/sti-gutenberg-buttons.js#L146 Issue Tracking
https://plugins.trac.wordpress.org/changeset/3144334/ Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:share_this_image_project:share_this_image:*:*:*:*:*:wordpress:*:*
History

19 Sep 2024, 13:37

Type Values Removed Values Added
CPE cpe:2.3:a:share_this_image_project:share_this_image:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4
References () https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/sti-gutenberg-buttons.js#L146 - () https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/sti-gutenberg-buttons.js#L146 - Issue Tracking
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=cve - Third Party Advisory
References () https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/sti-gutenberg-buttons.js#L42 - () https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/sti-gutenberg-buttons.js#L42 - Issue Tracking
References () https://plugins.trac.wordpress.org/changeset/3144334/ - () https://plugins.trac.wordpress.org/changeset/3144334/ - Broken Link
References () https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/class-sti-gutenberg-init.php#L127 - () https://plugins.trac.wordpress.org/browser/share-this-image/tags/2.01/includes/modules/gutenberg/class-sti-gutenberg-init.php#L127 - Issue Tracking
References () https://wordpress.org/plugins/share-this-image/#developers - () https://wordpress.org/plugins/share-this-image/#developers - Product
First Time Share This Image Project
Share This Image Project share This Image

31 Aug 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-31 09:15

Updated : 2024-09-19 13:37

NVD link : CVE-2024-8108

Mitre link : CVE-2024-8108

JSON object : View

Products Affected

share_this_image_project

  • share_this_image
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')