CVE-2021-24987: 
WordPress vulnerability analysis and mitigation

CVE-2021-24987 is a Reflected Cross-Site Scripting (XSS) vulnerability discovered in the Super Socializer WordPress plugin versions below 7.13.30. The vulnerability was initially reported to the vendor on November 18th, 2021, and was publicly disclosed on March 15th, 2022. The issue affects the plugin's AJAX functionality and is accessible to both authenticated and unauthenticated users (WPScan).

The vulnerability exists because the plugin fails to properly sanitize and escape the 'urls' parameter in its 'thechampsharing_count' AJAX action before outputting it back in the response. This security flaw is classified as CWE-79 and has been assigned a CVSS score of 6.1 (medium severity). The vulnerability can be triggered through the WordPress admin-ajax.php endpoint (WPScan).

When exploited, this vulnerability allows attackers to execute arbitrary JavaScript code in the context of other users' browsers who visit the specially crafted URL. This could lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session (WPScan).

The vulnerability has been fixed in version 7.13.30 of the Super Socializer plugin. Users are strongly advised to update to this version or later to protect against this security issue (WPScan, Trustwave).