CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

CVE-2026-1923

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00037EPSS

Exploits0References1

EUVD•added 2026/04/23 4:0 a.m.•2 views

EUVD-2026-25148

6.4CVSS5.9AI score0.00037EPSS

Exploits0References3

CVE•added 2026/04/23 1:24 a.m.•11 views

CVE-2026-1923

CVE-2026-1923 affects the WordPress plugin Social Rocket – Social Sharing Plugin. The vulnerability is a stored XSS via the id parameter in all versions up to and including 1.3.4.2, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Subscriber l...

6.4CVSS5.9AI score0.00037EPSS

Exploits0References2

Cvelist•added 2026/04/23 1:24 a.m.•28 views

CVE-2026-1923 Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id

6.4CVSS0.00037EPSS

Exploits0References2

ATTACKERKB•added 2026/04/23 1:24 a.m.•2 views

CVE-2026-1923

6.4CVSS5.9AI score0.00037EPSS

Exploits0References3

CNNVD•added 2026/04/23 12:0 a.m.•5 views

WordPress plugin Social Rocket – Social Sharing Plugin 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00037EPSS

Exploits0References1

Positive Technologies•added 2026/04/23 12:0 a.m.•3 views

PT-2026-34627

6.4CVSS5.9AI score0.00037EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-50454

Malicious code in bioql PyPI...

5.3CVSS8.7AI score0.00438EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 8:14 a.m.•3 views

CVE-2024-9702

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5AI score0.0031EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:53 p.m.•5 views

CVE-2022-3136

The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00218EPSS

Exploits2References1

OSV•added 2025/01/07 6:15 a.m.•3 views

CVE-2024-9702

5.4CVSS7.4AI score

Exploits0References2

NVD•added 2025/01/07 6:15 a.m.•9 views

CVE-2024-9702

6.4CVSS0.0031EPSS

Exploits0References2

NVD•added 2025/01/07 6:15 a.m.•13 views

CVE-2024-9697

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweetsettingssave and tweetsettingsupdate functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated...

5.3CVSS0.00438EPSS

Exploits0References5

Vulnrichment•added 2025/01/07 5:23 a.m.•8 views

CVE-2024-9702 Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS5.7AI score0.0031EPSS

Exploits0References2

CVE•added 2025/01/07 5:23 a.m.•42 views

CVE-2024-9702

CVE-2024-9702 : The Social Rocket – Social Sharing Plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (Stored XSS) via the plugin’s shortcodes, specifically the socialrocket-floating shortcode, in all versions up to and including 1.3.4. The vulnerability arises from insufficient ...

6.4CVSS5.7AI score0.0031EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/01/07 5:23 a.m.•15 views

CVE-2024-9702 Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.0031EPSS

Exploits0References2

Vulnrichment•added 2025/01/07 5:23 a.m.•7 views

CVE-2024-9697 Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update

5.3CVSS6.5AI score0.00438EPSS

Exploits0References5

Cvelist•added 2025/01/07 5:23 a.m.•18 views

CVE-2024-9697 Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update

5.3CVSS0.00438EPSS

Exploits0References5

CVE•added 2025/01/07 5:23 a.m.•42 views

CVE-2024-9697

CVE-2024-9697 concerns the WordPress plugin Social Rocket – Social Sharing Plugin . The vulnerability is an unauthorized data modification flaw caused by a missing capability check in tweet_settings_save() and tweet_settings_update() across all versions up to and including 1.3.4. This permits aut...

5.3CVSS5AI score0.00438EPSS

Exploits0References5Affected Software1

CNNVD•added 2025/01/07 12:0 a.m.•1 views

WordPress plugin Social Rocket 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.6AI score0.0031EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by