Heateor Sassy Social Share 3.3.23 for WordPress
Approved changes feed: RSS · Atom
cpe:2.3:a:heateor:sassy_social_share:3.3.23:*:*:*:*:wordpress:*:*
part: a version: 3.3.23 update: *
| Vendor | Heateor (a86501fe-4c87-5ea0-8634-4f0364601552) |
|---|---|
| Product | Sassy Social Share (de1c1804-35f7-5c81-ade5-aaa2b20153d3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-39321 |
vulnerable | 2026-06-08 05:33:50.061906 |
Sassy Social Share 3.3.23 PHP Object Injection
HIGH (8.8)
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.
Published: 2021-10-21T19:38:52.886Z
Updated: 2025-03-31T17:58:03.771Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.