CVE-2023-4826 – Socialdriver < 2024 - Prototype Pollution to XSS

https://notcve.org/view.php?id=CVE-2023-4826

The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack. El tema SocialDriver de WordPress anterior a la versión 2024 tiene un prototipo de vulnerabilidad de contaminación que podría permitir a un atacante inyectar propiedades arbitrarias, lo que resultaría en un ataque de cross site scripting (XSS). The Socialdriver plugin for WordPress is vulnerable to prototype pollution in all versions up to 2024 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • http://socialdriver.com https://wpscan.com/vulnerability/99ec0add-8f4d-4d68-91aa-80b1631a53bf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •