Vulnerabilities (CVE)

Filtered by vendor Heateor Subscribe
Filtered by product Super Socializer
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-35882 1 Heateor 1 Super Socializer 2024-02-04 N/A 5.4 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions.
CVE-2021-24987 1 Heateor 1 Super Socializer 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.