Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35882 | 1 Heateor | 1 Super Socializer | 2024-02-04 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions. | |||||
CVE-2021-24987 | 1 Heateor | 1 Super Socializer | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. |