Skip to main content

Social Share Social Login And Social Comments Plugin Super Socializer

1 CVEs product

Monthly

CVE-2026-11798 MEDIUM This Month

Reflected Cross-Site Scripting in the Super Socializer WordPress plugin (versions up to and including 7.14.5) enables unauthenticated remote attackers to inject arbitrary JavaScript via the unsanitized 'heateor_mastodon_share' parameter, discovered and reported by Wordfence with source-level confirmation at helper.php lines 1243-1246. Successful exploitation requires social engineering a victim into clicking a crafted URL, after which the payload executes within the victim's browser session in the context of the target WordPress site. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 6.1 (Medium) rating reflects the mandatory user-interaction requirement that constrains opportunistic mass exploitation.

WordPress XSS Social Share Social Login And Social Comments Plugin Super Socializer
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting in the Super Socializer WordPress plugin (versions up to and including 7.14.5) enables unauthenticated remote attackers to inject arbitrary JavaScript via the unsanitized 'heateor_mastodon_share' parameter, discovered and reported by Wordfence with source-level confirmation at helper.php lines 1243-1246. Successful exploitation requires social engineering a victim into clicking a crafted URL, after which the payload executes within the victim's browser session in the context of the target WordPress site. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 6.1 (Medium) rating reflects the mandatory user-interaction requirement that constrains opportunistic mass exploitation.

WordPress XSS Social Share Social Login And Social Comments Plugin Super Socializer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy