Reflected Cross-Site Scripting Vulnerability in Super Socializer Plugin for WordPress
CVE-2026-11798
6.1MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 8 July 2026
What is CVE-2026-11798?
The Super Socializer plugin for WordPress incorrectly sanitizes and escapes user input through the 'heateor_mastodon_share' parameter. This flaw allows unauthenticated attackers to conduct Reflected Cross-Site Scripting (XSS) attacks, injecting malicious scripts that can execute in the context of users' browsers if they are lured into interacting with manipulated links.
Affected Version(s)
Social Share, Social Login and Social Comments Plugin β Super Socializer 0 <= 7.14.5