Reflected Cross-Site Scripting Vulnerability in Super Socializer Plugin for WordPress
CVE-2026-11798

6.1MEDIUM

What is CVE-2026-11798?

The Super Socializer plugin for WordPress incorrectly sanitizes and escapes user input through the 'heateor_mastodon_share' parameter. This flaw allows unauthenticated attackers to conduct Reflected Cross-Site Scripting (XSS) attacks, injecting malicious scripts that can execute in the context of users' browsers if they are lured into interacting with manipulated links.

Affected Version(s)

Social Share, Social Login and Social Comments Plugin – Super Socializer 0 <= 7.14.5

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Nguyen
.