CVE-2023-2779

MEDIUM NUCLEI

Social Share, Social Login and Social Comments < 7.13.52 - Reflected Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-2779. PoCs published by Amirhossein Bahramizadeh. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in Super Socializer 7.13.52 by injecting an img tag with an onerror handler into the 'urls' parameter of the admin-ajax.php endpoint. The payload triggers an alert with the document domain when the response is rendered.

Description

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Amirhossein Bahramizadeh · python · webapps · php
https://www.exploit-db.com/exploits/51534


Classification
Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Super Socializer WordPress plugin 7.13.52
No auth needed
Prerequisites: Access to the vulnerable WordPress site's admin-ajax.php endpoint
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Super Socializer < 7.13.52 - Cross-Site Scripting
MEDIUM · VERIFIED · by r3Y3r53
Shodan: http.html:/wp-content/plugins/super-socializer/
FOFA: body=/wp-content/plugins/super-socializer/

Scores

CVSS v3 6.1
EPSS 0.0505
EPSS Percentile 91.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

Status published
Products (1)
heator/social_share\,_social_login_and_social_comments < 7.13.52
Published Jun 19, 2023
Tracked Since Feb 18, 2026