The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateor_mastodon_share' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
History

Fri, 10 Jul 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared The Champ
The Champ social Share, Social Login And Social Comments Plugin – Super Socializer
Wordpress
Wordpress wordpress
Vendors & Products The Champ
The Champ social Share, Social Login And Social Comments Plugin – Super Socializer
Wordpress
Wordpress wordpress

Wed, 08 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 05:45:00 +0000

Type Values Removed Values Added
Description The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateor_mastodon_share' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Title Social Share, Social Login and Social Comments Plugin <= 7.14.5 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-07-08T05:34:07.784Z

Updated: 2026-07-08T15:06:40.488Z

Reserved: 2026-06-09T13:39:24.046Z

Link: CVE-2026-11798

cve-icon Vulnrichment

Updated: 2026-07-08T15:06:37.705Z

cve-icon NVD

No data.

cve-icon Redhat

No data.