17 matches found
WordPress Social Rocket - Social Sharing Plugin plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id vulnerability
WordPress Social Rocket - Social Sharing Plugin plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Social Rocket versions <= 1.3.4.2...
EUVD-2024-50455
Malicious code in bioql PyPI...
EUVD-2024-36537
Malicious code in bioql PyPI...
CVE-2024-9697
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweetsettingssave and tweetsettingsupdate functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated...
PT-2025-3735 · WordPress · The Social Rocket – Social Sharing Plugin
Name of the Vulnerable Software and Affected Versions: Social Rocket – Social Sharing Plugin versions up to and including 1.3.4. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the socialrocket-floating shortcode. This allows...
CVE-2024-37258
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS. This issue affects Social Rocket: from n/a through 1.3.3...
CVE-2024-37258 WordPress Social Rocket plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS. This issue affects Social Rocket: from n/a through 1.3.3...
CVE-2024-37258
CVE-2024-37258 corresponds to a WordPress Social Rocket plugin issue (Reflected XSS) affecting 1.3.3 and earlier. The connected Wordfence entries identify it as an active issue with patched status in the wider intake, but the provided documents do not specify a concrete fixed version. The vulnera...
CVE-2024-37258 WordPress Social Rocket plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Social Rocket allows Reflected XSS. This issue affects Social Rocket: from n/a through 1.3.3...
PT-2024-27422 · Unknown · Social Rocket
Name of the Vulnerable Software and Affected Versions: Social Rocket versions 1.3.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For Social Rock...
WordPress Social Rocket Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Social Rocket; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: 1.3.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37258; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 44ba23451631; Credits: Dimas Maulana; Required privilege...
CVE-2022-3136 Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting
The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-3136
The CVE-2022-3136 entry concerns the WordPress Social Rocket plugin prior to 1.3.3, where improper sanitising/escaping of settings allows a high-privilege user (e.g., admin) to perform a Stored Cross-Site Scripting attack, even when unfiltered_html is disallowed (e.g., multisite). The vulnerabili...
WordPress Social Rocket plugin <= 1.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Social Rocket plugin versions <= 1.3.2. Solution: Update the WordPress Social Rocket plugin to the latest available version (at least 1.3.3)...
Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Logged in the backend of WordPress as...
WordPress Social Rocket Plugin < 1.2.10 CSRF Vulnerability
The WordPress plugin Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress Social Rocket plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Akio Furui in WordPress Social Rocket plugin versions <= 1.2.9. Solution: Update the WordPress Social Rocket plugin to the latest available version (1.2.10)...