CVE-2024-8363
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 PROJECT
Description
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page.
<p><strong>Share selected images with customizable content!</strong></p>
<p>This plugin adds social sharing icons to each image in your site.</p>
<p>Share This Image is a simple and flexible image sharing plugin for WordPress. It gives you great flexibility to promote your content to the most popular social networks/messengers.</p>
<p><a href="https://share-this-image.com/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Plugin home page</a> | <a href="https://share-this-image.com/features/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Features List</a> | <a href="https://share-this-image.com/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Live DEMO</a></p>
<h4>Main Features</h4>
<ul>
<li>Supports all the most popular social networks/messengers: <strong>facebook</strong>, <strong>x</strong>, <strong>linkedin</strong>, <strong>pinterest</strong>, <strong>tumblr</strong>, <strong>WhatsApp</strong>, <strong>Telegram</strong>, <strong>Messenger</strong>, <strong>reddit</strong>, <strong>vkontakte</strong>, <strong>odnoclassniki</strong>.</li>
<li><strong>Exact sharing</strong> – the user shares exactly the image they want.</li>
<li><strong>Select what images to share</strong>. Share all images of your site or just from several pages. Or just single images that you want. All this is possible!</li>
<li><strong>Customize content</strong> – fully customizable url, image, title and content that you want to share.</li>
<li><strong>Short links</strong> – built-in feature to create a short, attractive-looking version of the sharing URL.</li>
<li><strong>Powerful Admin Panel</strong> – all settings in one page.</li>
<li>Built-in <strong>shortcode</strong> for easier work.</li>
<li><strong>Fast</strong> – Nothing extra. Just what you need for proper work.</li>
<li><strong>Not only images</strong> – apply it not only for images but for any block of content with specified data-media attributes.</li>
<li><strong>Google Analytics</strong> support.</li>
<li>Supports all major desktop browsers (IE8, IE9, IE10, Chrome, Firefox, Safari, Opera) and mobile browsers.</li>
</ul>
<h4>Premium Features</h4>
<p><a href="https://share-this-image.com/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Premium Version</a></p>
<ul>
<li>New sharing buttons – <strong>download</strong> image button, <strong>link</strong> button, <strong>embed</strong> code, <strong>email</strong> sharing and <strong>Houzz</strong> sharing.</li>
<li>Advanced <strong>content customization</strong> and content variables support. Set sources for sharing content and change their priority.</li>
<li>Fully customize shared <strong>title</strong>, <strong>description</strong>, <strong>image</strong> and <strong>url</strong>.</li>
<li><strong>Individual buttons content</strong> – customize what content to share individually for each sharing button.</li>
<li>Set of <strong>styling options</strong> – predefined icons styles, horizontal or vertical view, offsets by x and y planes.</li>
<li><strong>Individual buttons styles</strong> – set a unique style for each of your sharing buttons.</li>
<li>Buttons <strong>positions</strong> – choose one of sharing buttons positions: on image, on image (hover), before image, after image.</li>
<li>Additional sharing buttons <strong>display rules</strong> – show or hide sharing buttons based on the current page and user conditions.</li>
<li>New option in admin page to <strong>exclude all images from desired pages</strong> from sharing.</li>
<li><strong>Auto-scroll</strong> your visitors to the exact location of the image they came to see.</li>
<li>Priority support.</li>
</ul>
<h4>Plugin Links</h4>
<p><a href="https://share-this-image.com/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Home Page</a><br />
<a href="https://share-this-image.com/features/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Features List</a><br />
<a href="https://share-this-image.com/pricing/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Pricing</a><br />
<a href="https://share-this-image.com/guide/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">Docs</a><br />
<a href="https://share-this-image.com/faq/?utm_source=wp-repo&utm_medium=listing&utm_campaign=sti-repo" rel="nofollow ugc">FAQ</a></p>