CVE-2023-4826
Socialdriver < 2024 - Prototype Pollution to XSS
Public Exploits: 1
Exploited in Wild: -
Descriptions
The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack.
The Socialdriver plugin for WordPress is vulnerable to prototype pollution in all versions up to 2024 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
SSVC
- Decision: Track
Timeline
- 2023-09-07 CVE Reserved
- 2023-09-11 CVE Published
- 2024-02-24 EPSS Updated
- 2024-11-04 CVE Updated
- 2024-11-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Tag | Source |
---|---|---|
http://socialdriver.com | | |

URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/99ec0add-8f4d-4d68-91aa-80b1631a53bf | 2024-11-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Unknown | Socialdriver | < 2024 | en | Affected |