CVE-2023-2779: 
WordPress vulnerability analysis and mitigation

The Social Share, Social Login and Social Comments WordPress plugin (also known as Super Socializer) before version 7.13.52 contains a reflected Cross-Site Scripting vulnerability. The vulnerability was discovered on May 29, 2023, and affects high privilege users such as administrators. The issue stems from the plugin's failure to properly sanitize and escape a parameter before outputting it back in the page (WPScan, NVD).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) with a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The exploit can be triggered through the admin-ajax.php endpoint using the 'thechampsharing_count' action parameter. An example proof of concept involves making a logged-in admin visit a specially crafted URL that includes malicious JavaScript code (WPScan).

When successfully exploited, this vulnerability allows attackers to execute arbitrary JavaScript code in the context of the administrator's browser session. This could potentially lead to unauthorized actions being performed on behalf of the administrator or the theft of sensitive information (WPScan).

The vulnerability has been patched in version 7.13.52 of the plugin. Users are strongly advised to update to this version or later to mitigate the risk (WPScan).