CVE-2021-24486: 
WordPress vulnerability analysis and mitigation

The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin versions before 3.2.3 contained a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and reported on July 26, 2021, and was assigned the identifier CVE-2021-24486. The issue affected the plugin's SSB shortcode implementation, specifically in how it handled the align and likebuttonsize parameters (WPScan).

The vulnerability stems from improper input validation where the plugin failed to properly escape the align and likebuttonsize parameters in its SSB shortcode. The vulnerability has been assigned a CVSS score of 6.8 (medium severity) and is classified under CWE-79. The issue falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (WPScan).

The vulnerability allows users with privileges as low as Contributor to perform Stored Cross-Site Scripting attacks. This means that malicious actors with minimal access rights could inject and store malicious scripts that would execute when other users view the affected content (WPScan).

The vulnerability has been fixed in version 3.2.3 of the Simple Social Media Share Buttons plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).