sharethis CVE Vulnerabilities & Metrics

Focus on sharethis vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About sharethis Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with sharethis. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total sharethis CVEs: 3
Earliest CVE date: 05 Sep 2013, 03:27 UTC
Latest CVE date: 18 Jun 2024, 06:15 UTC

Latest CVE reference: CVE-2024-4094

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical sharethis CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.28

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS sharethis CVEs

These are the five CVEs with the highest CVSS scores for sharethis, sorted by severity first and recency.

CVE-2014-4717 sharethis Published on 03 Jul 2014, 14:55 UTC (CVSS: 6.8)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and un...
CVE-2013-3479 sharethis Published on 05 Sep 2013, 03:27 UTC (CVSS: 6.8)
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
CVE-2021-24438 sharethis Published on 30 Aug 2021, 15:15 UTC (CVSS: 4.3)
The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
CVE-2021-36848 sharethis Published on 11 Apr 2022, 20:15 UTC (CVSS: 3.5)
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4
CVE-2024-4094 sharethis Published on 18 Jun 2024, 06:15 UTC (CVSS: 0)
The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

All CVEs for sharethis

CVE-2024-4094 sharethis vulnerability CVSS: 0 18 Jun 2024, 06:15 UTC

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVE-2021-36848 sharethis vulnerability CVSS: 3.5 11 Apr 2022, 20:15 UTC

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4

CVE-2021-24438 sharethis vulnerability CVSS: 4.3 30 Aug 2021, 15:15 UTC

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

CVE-2014-4717 sharethis vulnerability CVSS: 6.8 03 Jul 2014, 14:55 UTC

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.

CVE-2013-3479 sharethis vulnerability CVSS: 6.8 05 Sep 2013, 03:27 UTC

Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.