Input validation vulnerability in Social Share, Social Login and Social Comments Plugin – Super Socializer 7.13.54

The Super Socializer plugin for WordPress contains a security vulnerability that could allow unauthenticated attackers to mark messages as read. The vulnerability is present in versions up to, and including, 7.13.54, and exploiting it requires tricking an administrator into clicking a malicious link. This is possible because several functions do not have a nonce check in place: heateor_ss_twitcount_notification_read, heateor_ss_gdpr_notification_read, heateor_ss_fb_redirection_notification_read, heateor_ss_twitter_callback_notification_read, heateor_ss_linkedin_redirect_url_notification_read, heateor_ss_fb_count_notification_read, and heateor_ss_twitter_new_callback_notification_read.
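One way to check a copy of the plugin source for this gap, as an added example that is not code from the plugin or from the advisory: a heuristic scan that reports which of the listed handlers contain no live nonce-verification call. The PHP sample is constructed for illustration, and its option and nonce names are hypothetical.

```python
import re

# Handler names listed in the advisory text (all share one prefix and suffix).
HANDLERS = [f"heateor_ss_{n}_notification_read" for n in (
    "twitcount", "gdpr", "fb_redirection", "twitter_callback",
    "linkedin_redirect_url", "fb_count", "twitter_new_callback")]
# WordPress core functions that verify a nonce.
NONCE_CALL = re.compile(r"\b(check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def function_body(source, name):
    """Text between the braces of `function name(...) { ... }`, or None if absent."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(source) and depth:  # naive brace matching: ignores strings/comments
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def handlers_missing_nonce(source, names=HANDLERS):
    """Handlers defined in `source` whose body has no live nonce-verification call."""
    missing = []
    for name in names:
        body = function_body(source, name)
        # Strip comments so a commented-out check does not count as protection.
        if body is not None and not NONCE_CALL.search(COMMENT.sub("", body)):
            missing.append(name)
    return missing

# Constructed PHP for illustration; option and nonce names are hypothetical.
SAMPLE = """<?php
function heateor_ss_gdpr_notification_read() {
    if ( current_user_can( 'manage_options' ) ) { update_option( 'example_gdpr_read', '1' ); }
    die;
}
function heateor_ss_fb_count_notification_read() {
    check_ajax_referer( 'example_notification_nonce', 'nonce' );
    update_option( 'example_fb_count_read', '1' );
    die;
}
function heateor_ss_twitcount_notification_read() {
    // check_ajax_referer( 'example_notification_nonce', 'nonce' );
    update_option( 'example_twitcount_read', '1' );
    die;
}
"""
```

The constructed gdpr handler is still reported even though it checks a capability: a capability check passes when the request comes from the administrator's own browser, so only the nonce ties the request to a page the administrator actually loaded.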

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community.

Version compare shows which versions have a vulnerability. For example, >= 2.2.8 <= 2.2.21 means every version from 2.2.8 to 2.2.21, including 2.2.8 and 2.2.21.
