Description
WordPress Plugin AddToAny Share Buttons is prone to a host header injection vulnerability because it fails to properly validate an HTTP request header. A successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain. WordPress Plugin AddToAny Share Buttons version 1.7.14 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.15 or latest
References
Related Vulnerabilities
WordPress Plugin Local Weather Cross-Site Scripting (1.0)
WordPress Plugin SagePay Server Gateway for WooCommerce Cross-Site Scripting (1.0.8)
Drupal Core 8.3.0 Security Bypass (8.3.0 - 8.3.0)
WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.3)
WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Request Forgery (6.5.4)