CVE-2024-9697
- EPSS 0.1%
- Published 07.01.2025 06:15:18
- Last modified 25.02.2025 22:52:53
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and includin...
CVE-2024-9702
- EPSS 0.04%
- Published 07.01.2025 06:15:18
- Last modified 25.02.2025 22:52:30
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and outp...
CVE-2024-37258
- EPSS 0.2%
- Published 22.07.2024 09:15:05
- Last modified 21.11.2024 09:23:29
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS. This issue affects Social Rocket: from n/a through 1.3.3.
CVE-2022-3136
- EPSS 0.11%
- Published 10.10.2022 21:15:11
- Last modified 21.11.2024 07:18:54
The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...