QwikSec

Security Database

CVE

CWE

Training

CVE-2023-2779

Published: Jun 19, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Vendor	Product	Versions
Unknown	Social Share, Social Login and Social Comments Plugin	affected `0 - < 7.13.52`

References

https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5

exploit

vdb-entry

technical-description

http://packetstormsecurity.com/files/173053/WordPress-Super-Socializer-7.13.52-Cross-Site-Scripting.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.