CVE-2023-41802 – Super Socializer <= 7.13.54 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2023-41802

The Super Socializer plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce checks on several functions such as heateor_ss_twitcount_notification_read, heateor_ss_gdpr_notification_read, heateor_ss_fb_redirection_notification_read, heateor_ss_twitter_callback_notification_read, heateor_ss_linkedin_redirect_url_notification_read, heateor_ss_fb_count_notification_read, heateor_ss_twitter_new_callback_notification_read, and more in versions up to, and including, 7.13.54. This makes it possible for unauthenticated attackers to mark messages as read, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •