CVE-2021-24568: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2021-24568 affects the WordPress plugin AddToAny Share Buttons versions prior to 1.7.46. This stored Cross-Site Scripting (XSS) vulnerability was discovered by Asif Nawaz Minhas and publicly disclosed on August 9, 2021. The vulnerability specifically impacts the plugin's Sharing Header setting functionality (WPScan).

The vulnerability stems from improper sanitization of the Sharing Header setting when outputting it in frontend pages. This security flaw allows high-privilege users, such as administrators, to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The vulnerability is classified as CWE-79 and has received a CVSS score of 4.1 (medium severity) (WPScan).

When exploited, this vulnerability allows authenticated users with administrative privileges to inject malicious scripts through the Sharing Header setting. These scripts would then be executed when other users visit the affected frontend pages (WPScan).

The vulnerability has been patched in version 1.7.46 of the AddToAny Share Buttons plugin. Users are advised to update their installations to this version or newer to mitigate the risk (WPScan).