WordPress Plugin Vulnerabilities
Super Socializer < 7.13.64 - Editor+ Stored XSS
Description
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Proof of Concept
When creating a new widget, insert the following payload in the "FaceBook URL" field - 40"asdasd=''<script>alert(10)</script>;"
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-03-25 (about 1 months ago)
Added
2024-03-25 (about 1 months ago)
Last Updated
2024-03-25 (about 1 months ago)