/

CVE-2024-1989 Report - Details, Severity, & Advisories

CVE-2024-1989 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1989?

CVE-2024-1989 is a medium-severity vulnerability affecting the Sassy Social Share plugin for WordPress, specifically versions up to and including 3.3.58. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages, which then execute when a user accesses the affected page. Websites using the vulnerable plugin are at risk, making it crucial for administrators to update to a secure version to protect their site and users.

Who is impacted?

The CVE-2024-1989 vulnerability affects the Sassy Social Share plugin for WordPress, specifically all versions up to and including 3.3.58. This security issue allows authenticated attackers with contributor-level permissions or higher to inject harmful web scripts into pages. When a user accesses an affected page, these scripts execute, potentially causing harm to the website and its users. It is important for website administrators to be aware of this vulnerability and take necessary precautions to protect their site and users.

What to do if CVE-2024-1989 affected you

If you're affected by the CVE-2024-1989 vulnerability, it's crucial to update your Sassy Social Share plugin to the latest version. Here's a simple guide:

  1. Go to your WordPress dashboard.

  2. Navigate to "Plugins" > "Installed Plugins".

  3. Find "Sassy Social Share" in the list.

  4. Click the "Update Now" link if an update is available.

After updating, review and adjust the plugin settings to ensure they align with your website's needs and the latest features.

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1989 vulnerability is currently awaiting analysis in CISA's Known Exploited Vulnerabilities Catalog. It is a stored cross-site scripting issue in the Sassy Social Share plugin for WordPress. The vulnerability was added to the catalog on March 6, 2024, but no due date or required action has been specified yet.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2024-1989 is a stored cross-site scripting vulnerability in the Sassy Social Share plugin for WordPress, affecting versions up to and including 3.3.58. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2024-1989 Report - Details, Severity, & Advisories

CVE-2024-1989 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1989?

CVE-2024-1989 is a medium-severity vulnerability affecting the Sassy Social Share plugin for WordPress, specifically versions up to and including 3.3.58. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages, which then execute when a user accesses the affected page. Websites using the vulnerable plugin are at risk, making it crucial for administrators to update to a secure version to protect their site and users.

Who is impacted?

The CVE-2024-1989 vulnerability affects the Sassy Social Share plugin for WordPress, specifically all versions up to and including 3.3.58. This security issue allows authenticated attackers with contributor-level permissions or higher to inject harmful web scripts into pages. When a user accesses an affected page, these scripts execute, potentially causing harm to the website and its users. It is important for website administrators to be aware of this vulnerability and take necessary precautions to protect their site and users.

What to do if CVE-2024-1989 affected you

If you're affected by the CVE-2024-1989 vulnerability, it's crucial to update your Sassy Social Share plugin to the latest version. Here's a simple guide:

  1. Go to your WordPress dashboard.

  2. Navigate to "Plugins" > "Installed Plugins".

  3. Find "Sassy Social Share" in the list.

  4. Click the "Update Now" link if an update is available.

After updating, review and adjust the plugin settings to ensure they align with your website's needs and the latest features.

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1989 vulnerability is currently awaiting analysis in CISA's Known Exploited Vulnerabilities Catalog. It is a stored cross-site scripting issue in the Sassy Social Share plugin for WordPress. The vulnerability was added to the catalog on March 6, 2024, but no due date or required action has been specified yet.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2024-1989 is a stored cross-site scripting vulnerability in the Sassy Social Share plugin for WordPress, affecting versions up to and including 3.3.58. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2024-1989 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1989?

CVE-2024-1989 is a medium-severity vulnerability affecting the Sassy Social Share plugin for WordPress, specifically versions up to and including 3.3.58. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages, which then execute when a user accesses the affected page. Websites using the vulnerable plugin are at risk, making it crucial for administrators to update to a secure version to protect their site and users.

Who is impacted?

The CVE-2024-1989 vulnerability affects the Sassy Social Share plugin for WordPress, specifically all versions up to and including 3.3.58. This security issue allows authenticated attackers with contributor-level permissions or higher to inject harmful web scripts into pages. When a user accesses an affected page, these scripts execute, potentially causing harm to the website and its users. It is important for website administrators to be aware of this vulnerability and take necessary precautions to protect their site and users.

What to do if CVE-2024-1989 affected you

If you're affected by the CVE-2024-1989 vulnerability, it's crucial to update your Sassy Social Share plugin to the latest version. Here's a simple guide:

  1. Go to your WordPress dashboard.

  2. Navigate to "Plugins" > "Installed Plugins".

  3. Find "Sassy Social Share" in the list.

  4. Click the "Update Now" link if an update is available.

After updating, review and adjust the plugin settings to ensure they align with your website's needs and the latest features.

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1989 vulnerability is currently awaiting analysis in CISA's Known Exploited Vulnerabilities Catalog. It is a stored cross-site scripting issue in the Sassy Social Share plugin for WordPress. The vulnerability was added to the catalog on March 6, 2024, but no due date or required action has been specified yet.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2024-1989 is a stored cross-site scripting vulnerability in the Sassy Social Share plugin for WordPress, affecting versions up to and including 3.3.58. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.