wpexploit | Dmitrii Ignatyev | WPEX-ID:36F95B19-AF74-4C56-9848-8FF270AF4723
Mar 25, 2024 - 12:00 a.m.

Super Socializer < 7.13.64 - Editor+ Stored XSS


AI Score: 6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.2%)

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

When creating a new widget, insert the following payload in the "FaceBook URL" field:

40"asdasd=''<script>alert(10)</script>;"
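The remedy for an unsanitised, unescaped URL setting like this one is to validate the value when it is saved and escape it when it is printed. The PHP below is an added example, not the plugin's code or its patch: the `data-href` markup and every function name are assumptions, and plain PHP functions stand in for WordPress's `esc_url_raw()`, `esc_attr()` and `esc_url()` so that it runs outside WordPress.

```php
<?php
// Added example: not Super Socializer's code. Markup and function names are assumptions.

// Constructed sample inputs: a normal page URL and the value quoted in this entry.
const SAMPLES = [
    'benign'  => 'https://www.facebook.com/example-page',
    'payload' => '40"asdasd=\'\'<script>alert(10)</script>;"',
];

// Save-time validation: store only absolute http(s) URLs, otherwise an empty string.
// In WordPress, esc_url_raw() fills this role when the setting is saved.
function sanitize_url_setting(string $raw): string
{
    $raw = trim($raw);
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '';
    }
    return filter_var($raw, FILTER_VALIDATE_URL) === false ? '' : $raw;
}

// Unsafe pattern: the stored value is concatenated into an attribute as-is.
function render_raw(string $value): string
{
    return '<div data-href="' . $value . '"></div>';
}

// Output-time escaping: quotes and angle brackets become entities.
// In WordPress, esc_attr() and esc_url() fill this role.
function render_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div data-href="' . $safe . '"></div>';
}

// True when the attribute ends exactly where the template intended, i.e. the
// setting contributed no quote or angle bracket of its own to the markup.
function attribute_intact(string $html): bool
{
    return preg_match('/^<div data-href="[^"<>\']*"><\/div>$/', $html) === 1;
}

foreach (SAMPLES as $name => $value) {
    printf("%-8s raw_intact=%s escaped_intact=%s stored=%s\n", $name,
        var_export(attribute_intact(render_raw($value)), true),
        var_export(attribute_intact(render_escaped($value)), true),
        var_export(sanitize_url_setting($value), true));
}
```

Both controls are needed: save-time validation keeps new bad values out of the database, while output escaping also covers values that were stored before the fix.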
