CVE-2024-13615: 
WordPress vulnerability analysis and mitigation

The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through version 1.3.6 contains a stored Cross-Site Scripting (XSS) vulnerability. This security issue was discovered in February 2025 and affects the plugin's settings functionality (WPScan).

The vulnerability stems from improper sanitization and escaping of certain plugin settings. This security flaw allows high-privilege users such as administrators to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, such as in multisite setups. The vulnerability has been assigned a CVSS v3.1 score of 3.5 (Low) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N (NVD).

The vulnerability could allow authenticated administrators to inject malicious scripts into the plugin's settings, which could then be executed when other users access specific areas of the WordPress admin panel. This could potentially lead to unauthorized actions being performed in the context of the victim's session (WPScan).

Currently, there is no known fix available for this vulnerability. Users should consider implementing additional security measures or limiting administrative access to trusted users until a patch is released (WPScan).