Search criteria
2 vulnerabilities found for FireCask Like & Share Button by alexmoss
CVE-2024-11226 (GCVE-0-2024-11226)
Vulnerability from cvelistv5 – Published: 2025-01-21 11:09 – Updated: 2025-01-21 14:51
VLAI?
Title
FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
Summary
The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| alexmoss | FireCask Like & Share Button |
Affected:
* , ≤ 1.2
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T14:51:07.822462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T14:51:16.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FireCask Like \u0026 Share Button",
"vendor": "alexmoss",
"versions": [
{
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FireCask Like \u0026 Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027width\u0027 parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T11:09:46.724Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b9d61cd-1955-40d0-99b4-c75f480733f8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/facebook-like-send-button/tags/1.2/class-frontend.php#L121"
},
{
"url": "https://wordpress.org/plugins/facebook-like-send-button/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3225838/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-20T22:58:31.000+00:00",
"value": "Disclosed"
}
],
"title": "FireCask Like \u0026 Share Button \u003c= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11226",
"datePublished": "2025-01-21T11:09:46.724Z",
"dateReserved": "2024-11-14T21:23:02.504Z",
"dateUpdated": "2025-01-21T14:51:16.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11226 (GCVE-0-2024-11226)
Vulnerability from nvd – Published: 2025-01-21 11:09 – Updated: 2025-01-21 14:51
VLAI?
Title
FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
Summary
The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| alexmoss | FireCask Like & Share Button |
Affected:
* , ≤ 1.2
(semver)
|
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T14:51:07.822462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T14:51:16.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FireCask Like \u0026 Share Button",
"vendor": "alexmoss",
"versions": [
{
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FireCask Like \u0026 Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027width\u0027 parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T11:09:46.724Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b9d61cd-1955-40d0-99b4-c75f480733f8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/facebook-like-send-button/tags/1.2/class-frontend.php#L121"
},
{
"url": "https://wordpress.org/plugins/facebook-like-send-button/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3225838/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-20T22:58:31.000+00:00",
"value": "Disclosed"
}
],
"title": "FireCask Like \u0026 Share Button \u003c= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11226",
"datePublished": "2025-01-21T11:09:46.724Z",
"dateReserved": "2024-11-14T21:23:02.504Z",
"dateUpdated": "2025-01-21T14:51:16.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}