The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE ID: CVE-2024-4094
Vendor: Unknown
Product: Simple Share Buttons Adder
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 6.53% (scored less or equal to compared to others)
EPSS Date: 2025-04-16 (when was this score calculated)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false