CVE-2023-4773
The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 4,289 live websites that are affected by CVE-2023-4773.
Affected Software
| Product |  WordPress Social Login |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 28 |
| Vulnerable Domains | 4,289 live websites (98.21% of WordPress Social Login install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-4773 and the relative popularity of websitesDetails
- Published - Sep 6, 2023
- Updated - Sep 6, 2023
Credits
- Lana Codes (finder)
CVE References
CWE References
Countries
 United States | 1,281 websites |
 Russia | 293 websites |
 Italy | 259 websites |
 France | 216 websites |
 Germany | 214 websites |
 Spain | 147 websites |
 GB | 133 websites |
 Canada | 96 websites |
 India | 96 websites |
 Poland | 90 websites |
TLDs
| .com | 2,030 websites |
| .ru | 218 websites |
| .org | 164 websites |
| .it | 163 websites |
| .net | 152 websites |
| .pl | 74 websites |
| .com.br | 74 websites |
| .de | 72 websites |
| .fr | 62 websites |
| .co.uk | 58 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-4773 through included software libraries and plugins.References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve
- https://plugins.trac.wordpress.org/browser/wordpress-social-login/tags/3.0.4/includes/widgets/wsl.auth.widgets.php#L413
Websites affected by CVE-2023-4773
Top websites that are affected by CVE-2023-4773. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | United States | *,*** | |
| ***.**************.org | United States | **,*** | |
| ****************.com | United States | **,*** | |
| ***.**********************.com | United States | **,*** | |
| **.ru | Russia | **,*** | |
| ***.*********.com | United States | **,*** | |
| ***.************.com |  Hong Kong | ***,*** | |
| ***********.*************.com | United States | ***,*** | |
| *******.us | United States | ***,*** | |
| **************.com | United States | ***,*** |