Security vulnerabiity | ww.wp.xz.cn

Resolved Debbie D.
(@debbie-doglady)

7 months, 1 week ago

According to Wordfence:

The Highlight and Share – Social Text and Image Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

https://www.wordfence.com/help/scan/scan-results/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#plugin-has-a-security-vulnerability

Is there a fix for this? Thanks!

The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter Debbie D.
(@debbie-doglady)

6 months, 1 week ago

Is there any update about this? Wordfence is still flagging it as of Oct. 28/25
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/highlight-and-share/highlight-and-share-social-text-and-image-sharing-511-authenticated-contributor-stored-cross-site-scripting

Plugin Author Ronald Huereca
(@ronalfy)

5 months, 3 weeks ago

Hi @debbie-doglady apologies for the delay. It took me some time to track down the original reporter and to confirm the vulnerability.

I have released 5.2.0, which fixes it. It’ll take a bit of time before the originator can verify the fix and remove the security warning from Patchstack/Wordfence, etc.

Thanks for bringing this to my attention.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

4 replies
2 participants
Last reply from: Ronald Huereca
Last activity: 5 months, 3 weeks ago
Status: resolved