Title: WPT::VulnerabilityFound Last modified: June 16, 2022 --- # WPT::VulnerabilityFound * Resolved [bibliata](https://wordpress.org/support/users/bibliata/) * (@bibliata) * [3 years, 12 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/) * WordPress Toolkit has detected known vulnerabilities on WordPress sites under your care. It is strongly recommended to update or disable vulnerable assets on these sites. You can also configure WordPress Toolkit to perform automatic actions when vulnerabilities are detected. * The following vulnerabilities need your attention because they have to be addressed manually: WordPress Social Media Share Buttons plugin <= 3.8.1 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability Viewing 12 replies - 1 through 12 (of 12 total) * [Rene Hermenau](https://wordpress.org/support/users/renehermi/) * (@renehermi) * [3 years, 11 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15761785) * Hello, * I did not hear back from you after answering your email and asking for details. So if this is still valid, feel free to write again to me. * René * [Rene Hermenau](https://wordpress.org/support/users/renehermi/) * (@renehermi) * [3 years, 11 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15761811) * Edit: I’ve replied to your mail. The mentioned issue ​is not serious and requires that an attacker already has full admin permissions. * However, We are already checking how to close this potential issue. * Thanks for the heads up. * Thread Starter [bibliata](https://wordpress.org/support/users/bibliata/) * (@bibliata) * [3 years, 11 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15761879) * THANK YOU * [Pierre236](https://wordpress.org/support/users/pierreto/) * (@pierreto) * [3 years, 11 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15780568) * I have the same alert, so we don’t have to do anything. * Thanks - This reply was modified 3 years, 11 months ago by [Pierre236](https://wordpress.org/support/users/pierreto/). * [Pierre236](https://wordpress.org/support/users/pierreto/) * (@pierreto) * [3 years, 10 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15840641) * I explained to my hosting company that it was not dangerous and I gave them the link to this post, but they insist that I remove your plugin, which has a security vulnerability that makes the hosting company’s antivirus system go crazy. * Can you do an update to correct this? * [Rene Hermenau](https://wordpress.org/support/users/renehermi/) * (@renehermi) * [3 years, 10 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15860592) * @pierretoand [@bibliata](https://wordpress.org/support/users/bibliata/) We released a new version yesterday. * [eturgetkulf](https://wordpress.org/support/users/eturgetkulf/) * (@eturgetkulf) * [3 years, 10 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15906865) * Hi, iThemes Security still detects a vulnerability with v3.8.3, with no fixes available yet: [https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuckh5TnlNcmY5Q09CZE1Ia2tqNktNQnBWWGxfdDZ6eHBzS0VaY0sySnVBR0NadmJTN0dmc0E0NWNhNmhUclY5S2QzTnoyUFJiN25LaExkMW9ta3JKQ3lVZDRiUmN3TG0xVllpX2lIcko1TUp2UFhIbWVDRTE5NjNNaTR2UzFtTjk0dEVOQl9aU21oakNLVWZLbWdKT2dwanpUMTZhM0JwWlNtOUFqZl9DNTF4Ylp2MTF0QmpPc2d6Mzd5QXJKZEl5Q185SUcyTEMxSFBVM3ZXanF0aWpkMG5rdm1NOGFFdkh3RFh0UXRNWmcwNlYyaG5VclFCY3YxMFlTSGdtWnlpbThJamQxN1lSMHZvTDZXNWxZb1JrZUk5Z1hsRFNNMGRrRThiaWJuNWNsZzZ0Ul8xMmlmUVdGT2NwdFR3aUp0M243NWlOeFU4bzdTVVlEbkh0VjRNUDZfNHA0TnRHckZVRHZLejhxVXNVOWQyUW9lNG1ydF9feEdr](https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuckh5TnlNcmY5Q09CZE1Ia2tqNktNQnBWWGxfdDZ6eHBzS0VaY0sySnVBR0NadmJTN0dmc0E0NWNhNmhUclY5S2QzTnoyUFJiN25LaExkMW9ta3JKQ3lVZDRiUmN3TG0xVllpX2lIcko1TUp2UFhIbWVDRTE5NjNNaTR2UzFtTjk0dEVOQl9aU21oakNLVWZLbWdKT2dwanpUMTZhM0JwWlNtOUFqZl9DNTF4Ylp2MTF0QmpPc2d6Mzd5QXJKZEl5Q185SUcyTEMxSFBVM3ZXanF0aWpkMG5rdm1NOGFFdkh3RFh0UXRNWmcwNlYyaG5VclFCY3YxMFlTSGdtWnlpbThJamQxN1lSMHZvTDZXNWxZb1JrZUk5Z1hsRFNNMGRrRThiaWJuNWNsZzZ0Ul8xMmlmUVdGT2NwdFR3aUp0M243NWlOeFU4bzdTVVlEbkh0VjRNUDZfNHA0TnRHckZVRHZLejhxVXNVOWQyUW9lNG1ydF9feEdr) * Even if it is not a serious threat as it requires already having admin access, I would like to know whether you plan on addressing it? * Thanks - This reply was modified 3 years, 10 months ago by [eturgetkulf](https://wordpress.org/support/users/eturgetkulf/). * [Rene Hermenau](https://wordpress.org/support/users/renehermi/) * (@renehermi) * [3 years, 10 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15907275) * Hi, yes, we are working on it. I expect a new release in a few days. * [jimmypbai](https://wordpress.org/support/users/jimmypbai/) * (@jimmypbai) * [3 years, 9 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15925846) * [@renehermi](https://wordpress.org/support/users/renehermi/) any update on this security release? * [Rene Hermenau](https://wordpress.org/support/users/renehermi/) * (@renehermi) * [3 years, 9 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15931639) * Please download latest version 3.8.4 * [jimmypbai](https://wordpress.org/support/users/jimmypbai/) * (@jimmypbai) * [3 years, 9 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15939841) * Hi, I’m still getting warned that this version has known security vulnerabilities. Please see: [https://getshieldsecurity.com/tools/vulnerabilities-lookup/?type=plugin&slug=mashsharer&version=3.8.4](https://getshieldsecurity.com/tools/vulnerabilities-lookup/?type=plugin&slug=mashsharer&version=3.8.4) * [Rene Hermenau](https://wordpress.org/support/users/renehermi/) * (@renehermi) * [3 years, 9 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15959732) * [@jimmypbai](https://wordpress.org/support/users/jimmypbai/) * It’s definitely fixed. The report page says this flaw exists in MashShare version 3.8.2 and lower. * Where did you get the link [https://getshieldsecurity.com/tools/vulnerabilities-lookup/?type=plugin&slug=mashsharer&version=3.8.4](https://getshieldsecurity.com/tools/vulnerabilities-lookup/?type=plugin&slug=mashsharer&version=3.8.4)? * This site seems to have a problem! * You can use a link with a version number that does not even exist, and it will show you data: * [https://getshieldsecurity.com/tools/vulnerabilities-lookup/?type=plugin&slug=mashsharer&version=3.9.0](https://getshieldsecurity.com/tools/vulnerabilities-lookup/?type=plugin&slug=mashsharer&version=3.9.0) Viewing 12 replies - 1 through 12 (of 12 total) The topic ‘WPT::VulnerabilityFound’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/mashsharer_33bbee.svg) * [MashShare - Social Media Share Buttons, Social Share Icons](https://wordpress.org/plugins/mashsharer/) * [Frequently Asked Questions](https://wordpress.org/plugins/mashsharer/#faq) * [Support Threads](https://wordpress.org/support/plugin/mashsharer/) * [Active Topics](https://wordpress.org/support/plugin/mashsharer/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/mashsharer/unresolved/) * [Reviews](https://wordpress.org/support/plugin/mashsharer/reviews/) * 16 replies * 5 participants * Last reply from: [Rene Hermenau](https://wordpress.org/support/users/renehermi/) * Last activity: [3 years, 9 months ago](https://wordpress.org/support/topic/wptvulnerabilityfound/#post-15959732) * Status: resolved