CVE-2024-8729: 
WordPress vulnerability analysis and mitigation

The Easy Social Share Buttons plugin for WordPress contains a Reflected Cross-Site Scripting vulnerability (CVE-2024-8729) that affects all versions up to and including 1.4.5. The vulnerability was discovered and reported by Wordfence, with public disclosure on October 9, 2024 (NVD).

The vulnerability stems from improper use of the addqueryarg function without appropriate URL escaping. This implementation flaw has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (Wordfence).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on a malicious link. This can lead to potential data theft, session hijacking, or other malicious actions performed in the context of the affected user's browser (NVD).

Users should update their Easy Social Share Buttons plugin to a version newer than 1.4.5 if available. Until an update is possible, website administrators should consider disabling the plugin or implementing additional security controls to filter malicious URL parameters (Wordfence).