CVE-2023-2779

high-risk

Published 2023-06-19

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Do I need to act?

30.8% chance of exploitation in next 30 days

EPSS score — higher than 69% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

51534

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Social Share\, Social Login And Social Comments

Affected Vendors

Heator

References (5)

Exploit http://packetstormsecurity.com/files/173053/WordPress-Super-Socializer-7.13.52-C...

Exploit https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5

Exploit http://packetstormsecurity.com/files/173053/WordPress-Super-Socializer-7.13.52-C...

Exploit https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5

https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5/

/ 100

high-risk

Severity 23/34 · High

Exploitability 23/34 · High

Exposure 5/34 · Minimal